From owner-freebsd-python@FreeBSD.ORG  Mon May 26 19:55:36 2014
Return-Path: <owner-freebsd-python@FreeBSD.ORG>
Delivered-To: freebsd-python@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id 7FDBA192;
 Mon, 26 May 2014 19:55:36 +0000 (UTC)
Received: from shepard.synsport.net (mail.synsport.com [208.69.230.148])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 56E2D259A;
 Mon, 26 May 2014 19:55:32 +0000 (UTC)
Received: from [192.168.0.21] (unknown [130.255.19.191])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by shepard.synsport.net (Postfix) with ESMTP id 6D1F843B4A;
 Mon, 26 May 2014 14:55:15 -0500 (CDT)
Message-ID: <53839C13.4040405@marino.st>
Date: Mon, 26 May 2014 21:54:59 +0200
From: John Marino <freebsd.contact@marino.st>
Reply-To: marino@freebsd.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64;
 rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: =?UTF-8?B?QmFydMWCb21pZWogUnV0a293c2tp?= <r@robakdesign.com>, 
 marino@FreeBSD.org
Subject: Re: ports/189666: devel/py-demjson: unfetchable due to rerolled
 tarball
References: <201405260846.s4Q8kUdC079970@freefall.freebsd.org>
 <C6C210C7-53CE-4185-8624-CE3737598A4F@robakdesign.com>
In-Reply-To: <C6C210C7-53CE-4185-8624-CE3737598A4F@robakdesign.com>
X-Enigmail-Version: 1.6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Cc: ports@robakdesign.com, freebsd-python@FreeBSD.org
X-BeenThere: freebsd-python@freebsd.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: FreeBSD-specific Python issues <freebsd-python.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-python>,
 <mailto:freebsd-python-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-python/>
List-Post: <mailto:freebsd-python@freebsd.org>
List-Help: <mailto:freebsd-python-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-python>,
 <mailto:freebsd-python-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 26 May 2014 19:55:36 -0000

On 5/26/2014 21:36, Bartłomiej Rutkowski wrote:
> I've just mailed the upstream, explaining the situation and
> suggesting releasing such changes as minor version numbers, like
> 2.0.1 or something similar. We'll see what, if any response will I
> receive, but for now, please, patch the port with new distinfo you've
> proposed. If this happens again and we wont get any answer by that
> time, we'll consider hosting the distfiles or removing the port.

Hi Bartek,
The issue is that I can't blindly update the distinfo.  Somebody (almost
always the maintainer) has to "diff" the original version and the new
version and evaluate exactly what changed and if it's malicious.

I already got chewed out last week for not verifying this personally,
but I generally trust the maintainer if he/she said he did this.  Have
you actually looked inside the new tarball?

Thanks,
John