From owner-cvs-all@FreeBSD.ORG  Mon Oct 24 01:50:42 2011
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@freebsd.org
Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35])
	by hub.freebsd.org (Postfix) with ESMTP id 2252B10656A3;
	Mon, 24 Oct 2011 01:50:42 +0000 (UTC)
	(envelope-from dougb@FreeBSD.org)
Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org
	[IPv6:2001:4f8:fff6::36])
	by mx2.freebsd.org (Postfix) with ESMTP id 8AF861A734D;
	Mon, 24 Oct 2011 01:50:38 +0000 (UTC)
Message-ID: <4EA4C46E.6050704@FreeBSD.org>
Date: Sun, 23 Oct 2011 18:50:38 -0700
From: Doug Barton <dougb@FreeBSD.org>
Organization: http://SupersetSolutions.com/
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64;
	rv:7.0.1) Gecko/20111001 Thunderbird/7.0.1
MIME-Version: 1.0
To: Eitan Adler <eadler@freebsd.org>
References: <201110231316.p9NDGJRw009744@repoman.freebsd.org>
	<CABhnLuiB-g65Z18oEUmW6nPvtA46bsh0AAHx+j+_MyewbGJF=g@mail.gmail.com>
	<CAF6rxgn8c7mm=cARn2a=qMkGkQD_jZrp9Z8uBYkUTWzTPF03kA@mail.gmail.com>
	<20111024005553.GB92862@FreeBSD.org>
	<CAF6rxgkT-RHuMirGGhmRFJQQmw=1u4k70qHkF4pCrYu5bfgYEA@mail.gmail.com>
In-Reply-To: <CAF6rxgkT-RHuMirGGhmRFJQQmw=1u4k70qHkF4pCrYu5bfgYEA@mail.gmail.com>
X-Enigmail-Version: undefined
OpenPGP: id=1A1ABC84
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Cc: Alexey Dokuchaev <danfe@freebsd.org>, samm@os2.kiev.ua, miwi@freebsd.org,
	cvs-all@freebsd.org, ports-committers@freebsd.org, cvs-ports@freebsd.org
Subject: Re: cvs commit: ports/sysutils/smartmontools distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 Oct 2011 01:50:42 -0000

On 10/23/2011 18:44, Eitan Adler wrote:
> 2011/10/23 Alexey Dokuchaev <danfe@freebsd.org>:
>> That's nice to know, but our bylaws require manual verification of the
>> contents of two distfiles when they change with no apparent reason (that is,
>> version stays the same) and presenting results in the commit log.
> 
> I checked the GPG signature of the file I downloaded. I was made aware
> that I should have included some indication of such in the commit log
> and will do so in the future.
> 
>> It (not doing so) had bitten us before, ARAIR.
> 
> As a security researcher who has found issues before in various open
> source projects, I fully understand the concern.

All that is great, but IMO still inadequate.

If the original 5.42 distfile is not available (and hopefully the
maintainer has it?), then comparing the new 5.42 to 5.41 would be a good
next step.


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/