From: Kris Kennaway
To: Michael Nottebrock
Cc: Kris Kennaway, Michael Nottebrock, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, Dag-Erling Smørgrav
Date: Tue, 17 Feb 2004 14:10:07 -0800
Subject: Re: cvs commit: ports/devel/tmake Makefile distinfo
Message-ID: <20040217221007.GA22637@xor.obsecurity.org>

On Tue, Feb 17, 2004 at 02:20:46PM +0100, Michael Nottebrock wrote:
> On Tuesday 17 February 2004 14:09, Dag-Erling Smørgrav wrote:
> > Michael Nottebrock writes:
> > > On Tuesday 17 February 2004 13:49, Kris Kennaway wrote:
> > > > On Mon, Feb 09, 2004 at 02:07:32PM -0800, Kris Kennaway wrote:
> > > > > On Mon, Feb 09, 2004 at 05:36:08AM -0800, Michael Nottebrock wrote:
> > > > > > Log:
> > > > > > Fix distinfo, SIZEify.
> > > > >
> > > > > You forgot to summarize what changed.
> > > >
> > > > I didn't see a followup to this.
> > >
> > > I have no idea what you expect me to write.
> >
> > When the checksum of a distfile changes, there is a considerable risk
> > that someone may have trojaned the distfile. As a port maintainer,
> > you are expected to verify that this is not the case before updating
> > the checksum in distinfo. You are also expected to summarize the
> > reason for the changed checksum in the commit message so that The Rest
> > Of Us[tm] can rest assured that you have indeed verified that the
> > distfile was not trojaned.
>
> I didn't know that I was supposed to perform a security audit and I did not do
> so.

Perhaps it's time for you to re-read the porter's handbook and
committer's guide to refresh your memory? This is stated there quite
explicitly.

Kris