From nobody Sun Nov 14 16:18:36 2021 X-Original-To: freebsd-ports@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id B8A831849BBF for ; Sun, 14 Nov 2021 16:18:20 +0000 (UTC) (envelope-from freebsd@ohreally.nl) Received: from rambler.ohreally.nl (rambler.ohreally.nl [51.15.8.63]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Hscv04Jlwz4qMC; Sun, 14 Nov 2021 16:18:20 +0000 (UTC) (envelope-from freebsd@ohreally.nl) Received: from authenticated-user by rambler.ohreally.nl (Postfix) with ESMTPSA id A85E11D77A90; Sun, 14 Nov 2021 17:18:19 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ohreally.nl; s=dkim; t=1636906699; r=y; bh=HcBcOCRzb5RclNJWjQeIpJ0lec1hRuqv6mmBD9Afyxw=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=RRWEjjMJ7uq1ZWF8hsG4ZSBAMAis4zYks6lRat7PLE8XBl15XvrU+95ASU0s8toeG hk42dAFoCsBpcDizNntRVknOF2i+T+pH4EkvzXxKrIdo6GJi87HNNziZOTZOMn2991 mpofffcjQtaQnt4blauONIcZgbSyW+E/F8zMKwYA= Message-ID: <99363924-aa01-013d-6a26-525dfee4513a@ohreally.nl> Date: Sun, 14 Nov 2021 17:18:36 +0100 List-Id: Porting software to FreeBSD List-Archive: https://lists.freebsd.org/archives/freebsd-ports List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-ports@freebsd.org X-BeenThere: freebsd-ports@freebsd.org MIME-Version: 1.0 Subject: Re: Adding functionality to a port Content-Language: en-US To: Kurt Jaeger Cc: freebsd-ports@freebsd.org References: <4ca51765-b556-3f12-5809-5aadbf6dccca@ohreally.nl> <480b44f5-0674-e645-8413-a1a368cfc393@ohreally.nl> From: Rob LA LAU In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: clamav-milter 0.104.0 at rambler.ohreally.nl X-Virus-Status: Clean X-Rspamd-Queue-Id: 4Hscv04Jlwz4qMC X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[] X-ThisMailContainsUnwantedMimeParts: N Hi, On 14/11/2021 16:54, Kurt Jaeger wrote: > Maybe it makes it easier to understand if you tell us the port > in question ? It won't actually, because I don't want to focus on this 1 buggy script I found. My question is not about a single bug in a single script. It's about FreeBSD policy, trust, security and reliability. As a port maintainer, can I just modify the functionality of the ports I maintain without any limits? And as a software developer, can I be sure that the package that is installed on FreeBSD systems, and that carries my name and URL, is actually still the package that I developed, with the functionality I intended? And as a sysadmin or user, can I be sure that the port I installed actually does what is advertised on the upstream website? I honestly think that these are very important questions... The internet is no longer this friendly place it was 30 years ago. People with malicious intent have infiltrated software repositories before, and they will keep doing so. Rob -- https://www.librobert.net/ https://www.ohreally.nl/category/nerd-stuff/