From: Eitan Adler
Sender: lists@eitanadler.com
Date: Sun, 23 Oct 2011 21:44:47 -0400
To: Alexey Dokuchaev
Cc: cvs-ports@freebsd.org, ports-committers@freebsd.org, cvs-all@freebsd.org, miwi@freebsd.org
Subject: Re: cvs commit: ports/sysutils/smartmontools distinfo
In-Reply-To: <20111024005553.GB92862@FreeBSD.org>
References: <201110231316.p9NDGJRw009744@repoman.freebsd.org> <20111024005553.GB92862@FreeBSD.org>
List-Id: **OBSOLETE** CVS commit messages for the entire tree

2011/10/23 Alexey Dokuchaev:
> That's nice to know, but our bylaws require manual verification of the
> contents of two distfiles when they change with no apparent reason (that is,
> version stays the same) and presenting results in the commit log.

I checked the GPG signature of the file I downloaded. I was made aware
that I should have included some indication of such in the commit log
and will do so in the future.

> It (not doing so) had bitten us before, AFAIR.

As a security researcher who has found issues before in various open
source projects, I fully understand the concern.

--
Eitan Adler
Ports committer
X11, Bugbusting teams