Date: Fri, 7 May 2004 17:28:11 -0400
From: Jason Harris <jharris@widomaker.com>
To: "Jacques A. Vidrine" <nectar@FreeBSD.org>, Colin Percival <colin.percival@wadham.ox.ac.uk>, "M. Warner Losh" <imp@bsdimp.com>, pav@FreeBSD.org, portmgr@FreeBSD.org, security-officer@FreeBSD.org, security-team@FreeBSD.org, ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Cc: Jason Harris <jharris@widomaker.com>
Subject: Re: ports/65464: ports/www/axis - use MASTER_SITE_APACHE
Message-ID: <20040507212811.GO10980@pm1.ric-41.lft.widomaker.com>
In-Reply-To: <200405061341.i46DffZl087680@repoman.freebsd.org> <20040506190038.GC1777__15878.5727843226$1083870127@madman.celabo.org> <20040421105108.GF19492@lum.celabo.org>
References: <200405061341.i46DffZl087680@repoman.freebsd.org> <200405061341.i46DffZl087680@repoman.freebsd.org> <20040506190038.GC1777__15878.5727843226$1083870127@madman.celabo.org> <20040415194207.GG25575@madman.celabo.org> <20040415232455.GJ10980@pm1.ric-41.lft.widomaker.com> <6.0.1.1.1.20040416003018.03d79880@imap.sfu.ca> <20040415.191136.124830953.imp@bsdimp.com> <6.0.1.1.1.20040416091452.03d2ee98@imap.sfu.ca> <20040416153102.GK10980@pm1.ric-41.lft.widomaker.com> <20040421105108.GF19492@lum.celabo.org>

On Wed, Apr 21, 2004 at 05:51:09AM -0500, Jacques A. Vidrine wrote:
> On Fri, Apr 16, 2004 at 11:31:02AM -0400, Jason Harris wrote:
> > Also, I see no reason why the distinfo files can't be clearsigned
> > starting immediately. This will not use another inode per port
> Interesting thoughts. I do not like `clearsign' format, or separate
> provide some security. But we are off course from the original
> discussion re: checking PGP sigs of distfiles.

Getting back on course...

On Thu, May 06, 2004 at 02:00:38PM -0500, Jacques A. Vidrine wrote:
> On Thu, May 06, 2004 at 06:41:41AM -0700, Pav Lucistnik wrote:
> > pav 2004/05/06 06:41:41 PDT
> >
> > FreeBSD ports repository
> >
> > Modified files:
> > sysutils Makefile
> > Added files:
> > sysutils/pv Makefile distinfo pkg-descr
> > Log:
> > Pipe Viewer (pv) is a terminal-based tool for monitoring the
> > progress of data through a pipeline. It can be inserted into
> > any normal pipeline between two processes to give a visual
> > indication of how quickly data is passing through, how long
> > it has taken, how near to completion it is, and an estimate
> > of how long it will be until completion.
> >
> > Author: Andrew Wood <andrew.wood@ivarch.com>
> > WWW: http://www.ivarch.com/programs/pv.shtml
>
> That's really nifty! I wish I'd have thought to create something like
> that long ago.

This port has a PGP signature, but only on the gzip (v. bzip2) tarball,
and only on two mirrors (but not SourceForge). It is interesting because
it shows that specifying DISTFILES/EXTRACT_ONLY explicitly is sometimes
necessary to pick up the PGP signatures from specific MASTER_SITES (as
well as to get the signatures onto the FreeBSD distfile mirrors, esp. for
those without Sergei's patch).

Given that USE_GPG/SIG_FILES is a no-op for those not tracking Sergei's patch, how do portmgr@ and security-team@ feel about the patch below? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NotDashEscaped: You need GnuPG to verify this message cvs server: Diffing . Index: Makefile =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/ports/sysutils/pv/Makefile,v retrieving revision 1.1 diff -u -r1.1 Makefile --- Makefile 6 May 2004 13:41:40 -0000 1.1 +++ Makefile 7 May 2004 21:18:19 -0000 @@ -9,13 +9,19 @@ PORTVERSION=3D 0.8.5 CATEGORIES=3D sysutils MASTER_SITES=3D ${MASTER_SITE_SOURCEFORGE} \ - http://dragon.roe.ch/mirrors/distfiles/pv/ + http://dragon.roe.ch/mirrors/distfiles/pv/ \ + http://dragon.roe.ch/mirrors/distfiles/pv/:sig \ + http://www.ivarch.com/programs/sources/:sig MASTER_SITE_SUBDIR=3D pipeviewer +DISTFILES=3D ${DISTNAME}${EXTRACT_SUFX} ${DISTNAME}${EXTRACT_SUFX}.asc:sig +EXTRACT_ONLY=3D ${DISTNAME}${EXTRACT_SUFX} =20 MAINTAINER=3D daniel@roe.ch COMMENT=3D A pipe throughput monitor =20 -USE_BZIP2=3D yes +USE_GPG?=3D yes +SIG_FILES=3D ${DISTNAME}${EXTRACT_SUFX}.asc +#USE_BZIP2=3D yes USE_GMAKE=3D yes GNU_CONFIGURE=3D yes MAN1=3D pv.1 Index: distinfo =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D RCS file: /home/ncvs/ports/sysutils/pv/distinfo,v retrieving revision 1.1 diff -u -r1.1 distinfo --- distinfo 6 May 2004 13:41:40 -0000 1.1 +++ distinfo 7 May 2004 21:18:19 -0000 
@@ -1,2 +1,5 @@ MD5 (pv-0.8.5.tar.bz2) =3D a6eeadbc2fbd9c23e329f47ff37b8c83 SIZE (pv-0.8.5.tar.bz2) =3D 84289 +MD5 (pv-0.8.5.tar.gz) =3D 48c9d7a64035d9634ecf4e6d4414da02 +SIZE (pv-0.8.5.tar.gz) =3D 94927 +MD5 (pv-0.8.5.tar.gz.asc) =3D c233f04e23a30745ff02e013805c42c3
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAm/02SypIl9OdoOMRAsl4AJ0QgmVJ3FFsMztQ1QfXF910Yy4dAQCfaWta
IkUXkIhiypi0imD9Zo7I6LA=3D
=3DtR0G
-----END PGP SIGNATURE-----

-- 
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/
Got photons? (TM), (C) 2004

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAm/9qSypIl9OdoOMRArBoAJ9GIHDsDDFAmhRqbiq5OB9HRhzRYQCeMhyK
SgsDm6Mpl2XdZjHHSkSUP0E=
=k60s
-----END PGP SIGNATURE-----
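
Review bot: In the Makefile hunk, SIG_FILES names the .asc to check, but nothing in the added lines records which key is expected to have made that signature, and one of the two :sig sources (dragon.roe.ch) is the same mirror that already serves the tarball. A signature fetched from the same host as the file only shows that some key signed it, so record the upstream author's key ID or fingerprint next to "USE_GPG?= yes" (in a comment at minimum) so the check is tied to a known key. Also, "#USE_BZIP2= yes" is left as a commented-out line with no explanation; either delete it or add a comment saying the gzip tarball is used because it is the one that carries a signature.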
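
Review bot: In the distinfo hunk, the new pv-0.8.5.tar.gz.asc entry gets an MD5 line but no SIZE line, unlike both tarball entries, and the pv-0.8.5.tar.bz2 MD5/SIZE pair is kept as context even though the Makefile hunk comments out USE_BZIP2 and the added entries are for the .tar.gz. Add "SIZE (pv-0.8.5.tar.gz.asc)" so the signature file is recorded the same way as the tarballs, and drop the two bz2 lines so distinfo lists exactly the files named in DISTFILES.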