Date: Sun, 14 Nov 2021 17:18:36 +0100 From: Rob LA LAU <freebsd@ohreally.nl> To: Kurt Jaeger <pi@freebsd.org> Cc: freebsd-ports@freebsd.org Subject: Re: Adding functionality to a port Message-ID: <99363924-aa01-013d-6a26-525dfee4513a@ohreally.nl> In-Reply-To: <YZExLlXP3uEjrvyF@fc.opsec.eu> References: <4ca51765-b556-3f12-5809-5aadbf6dccca@ohreally.nl> <YZEskkPi2%2BcX9hrZ@home.opsec.eu> <480b44f5-0674-e645-8413-a1a368cfc393@ohreally.nl> <YZExLlXP3uEjrvyF@fc.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On 14/11/2021 16:54, Kurt Jaeger wrote: > Maybe it makes it easier to understand if you tell us the port > in question ? It won't actually, because I don't want to focus on this 1 buggy script I found. My question is not about a single bug in a single script. It's about FreeBSD policy, trust, security and reliability. As a port maintainer, can I just modify the functionality of the ports I maintain without any limits? And as a software developer, can I be sure that the package that is installed on FreeBSD systems, and that carries my name and URL, is actually still the package that I developed, with the functionality I intended? And as a sysadmin or user, can I be sure that the port I installed actually does what is advertised on the upstream website? I honestly think that these are very important questions... The internet is no longer this friendly place it was 30 years ago. People with malicious intent have infiltrated software repositories before, and they will keep doing so. Rob -- https://www.librobert.net/ https://www.ohreally.nl/category/nerd-stuff/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?99363924-aa01-013d-6a26-525dfee4513a>