Date: Sun, 14 Nov 2021 17:23:49 +0100
From: Kurt Jaeger <pi@freebsd.org>
To: Rob LA LAU <freebsd@ohreally.nl>
Cc: freebsd-ports@freebsd.org
Subject: Re: Adding functionality to a port
Message-ID: <YZE4FStIibXX2sLJ@fc.opsec.eu>
In-Reply-To: <99363924-aa01-013d-6a26-525dfee4513a@ohreally.nl>
References: <4ca51765-b556-3f12-5809-5aadbf6dccca@ohreally.nl> <YZEskkPi2%2BcX9hrZ@home.opsec.eu> <480b44f5-0674-e645-8413-a1a368cfc393@ohreally.nl> <YZExLlXP3uEjrvyF@fc.opsec.eu> <99363924-aa01-013d-6a26-525dfee4513a@ohreally.nl>

Hi!

> As a port maintainer, can I just modify the functionality of the ports I
> maintain without any limits?

Like modifying a port that does xyz to actually do the reverse?
No, that would be crazy. Upstream and port users would probably
freak out, and rightly so.

> And as a software developer, can I be sure that the package that is
> installed on FreeBSD systems, and that carries my name and URL, is
> actually still the package that I developed, with the functionality I
> intended?

Non-trivial problem. Read the famous paper on trusting trust:

https://dl.acm.org/doi/10.1145/358198.358210

> And as a sysadmin or user, can I be sure that the port I installed
> actually does what is advertised on the upstream website?

See above.

> I honestly think that these are very important questions...

Yes, but those are unsolvable problems in the framework of a policy.

Don't do crazy things is a generic given in most societies I know of 8-)

> The internet is no longer this friendly place it was 30 years ago. People
> with malicious intent have infiltrated software repositories before, and
> they will keep doing so.

Yes, sure. So that's why there are reviews etc. And still, bad things
happen, and we find out and clean up afterwards.

-- 
pi@FreeBSD.org         +49 171 3101372                  Now what ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YZE4FStIibXX2sLJ>