From owner-svn-ports-head@freebsd.org Tue Feb 19 13:16:25 2019 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id E810714F1065; Tue, 19 Feb 2019 13:16:24 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2610:1c1:1:6074::16:84]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "freefall.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7730C8722C; Tue, 19 Feb 2019 13:16:24 +0000 (UTC) (envelope-from danfe@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 1033) id 668291AA52; Tue, 19 Feb 2019 13:16:24 +0000 (UTC) Date: Tue, 19 Feb 2019 13:16:24 +0000 From: Alexey Dokuchaev To: Tobias Kortkamp Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r493354 - in head/sysutils: . py-bitrot Message-ID: <20190219131624.GA7020@FreeBSD.org> References: <201902190818.x1J8I8WT095199@repo.freebsd.org> <20190219082916.GA16223@FreeBSD.org> <45f02a0a-be04-4d62-a4ff-96d800e8687c@www.fastmail.com> <20190219101610.GA71171@FreeBSD.org> <20190219103209.GA45811@urd.tobik.me> <20190219115338.GA46857@FreeBSD.org> <20190219124807.GA82443@urd.tobik.me> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20190219124807.GA82443@urd.tobik.me> User-Agent: Mutt/1.10.1 (2018-07-13) X-Rspamd-Queue-Id: 7730C8722C X-Spamd-Bar: ------ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [-6.87 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; REPLY(-4.00)[]; NEURAL_HAM_SHORT(-0.87)[-0.869,0] X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Feb 2019 13:16:25 -0000 On Tue, Feb 19, 2019 at 01:48:11PM +0100, Tobias Kortkamp wrote: > ... > If I missed something and if you have any evidence that this port > is malicious I'd like to hear about it, so that we can do the > appropriate thing like removing it again. I didn't say anything about *this* port being malicious; my point was two-fold: 1) by adding port to the collection, we as committers should try to provide a well-cooked product: buildable, working, and also properly documented. Sometimes it is easy when upstream offers good substrate so all we have to do is package those bits, but sometimes it is not. Lack of proper documentation, including port description, while not as bad as unbuildable or unrunnable package, is still pretty bad; 2) having "I can't bother beyond handling a simple add request" attitude in general is bad because malicious port or changes *could* be inserted, and thus we should not get into habit of cutting corners and committing whatever was put up on Bugzilla without sufficient review. ./danfe