From: "Jason Helfman"
To: "Stephen Montgomery-Smith"
Cc: Eitan Adler, sam.lin4ml@gmail.com, nikola.lecic@anthesphoria.net, freebsd-ports@freebsd.org, re
Date: Mon, 28 May 2012 09:29:36 -0700
Subject: Re: Request to review: print/texlive-install
List-Id: Porting software to FreeBSD

> On 05/27/2012 09:19 PM, Eitan Adler wrote:
>> On 27 May 2012 18:14, Stephen Montgomery-Smith
>> wrote:
>>> There are a number of issues. In particular there is no checksum
>>> calculated
>>> for install-tl-unx.tar.gz because I suspect that it changes very often.
>>
>> This is a security risk and must not be committed as is.
>
> How about if I add lines like this:
>
> .if !defined(IGNORE_SECURITY_RISK)
> IGNORE= has a security risk because it downloads a file \
> without a checksum. Define IGNORE_SECURITY_RISK to build this port
> .endif
>
> Would it be considered OK to commit it then?

Does the code look for a particular location for this file to exist before
attempting to download it? If not, can it be patched, to do so? If so, it
can be added as a distfile, and put into a location where the build will
find it. If this can be done, there wouldn't be a security risk, assuming no
other files are downloaded post-fetch.

-jgh
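An added example, not part of the original message or of the FreeBSD ports framework: a fail-closed check of a pre-fetched distfile against a distinfo-style record, which is the arrangement suggested above. The function names and the sample payload are assumptions for illustration; the parser reads the `SHA256 (file) = hex` and `SIZE (file) = bytes` line format used by ports `distinfo` files.

```python
import hashlib
import re
from pathlib import Path

# distinfo lines: "SHA256 (name) = <hex>" and "SIZE (name) = <bytes>"
_LINE = re.compile(r"^(SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": int}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue  # blank lines and other keys (e.g. TIMESTAMP) are skipped
        entry = entries.setdefault(m.group("name"), {})
        key, value = m.group(1), m.group("value")
        entry[key] = int(value) if key == "SIZE" else value.lower()
    return entries


def verify_distfile(path, distinfo_text):
    """Fail closed: return (ok, reason) for a distfile already on disk."""
    path = Path(path)
    entry = parse_distinfo(distinfo_text).get(path.name)
    if not entry or "SHA256" not in entry:
        return False, "no checksum recorded"  # never accept an unlisted file
    if not path.is_file():
        return False, "distfile missing"
    if "SIZE" in entry and path.stat().st_size != entry["SIZE"]:
        return False, "size mismatch"
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    if digest.hexdigest() != entry["SHA256"]:
        return False, "checksum mismatch"
    return True, "ok"


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        f = Path(d) / "install-tl-unx.tar.gz"
        f.write_bytes(b"constructed sample payload")  # constructed, not the real installer
        info = "SHA256 ({0}) = {1}\n".format(f.name, hashlib.sha256(f.read_bytes()).hexdigest())
        print(verify_distfile(f, info))               # recorded file, unchanged
        f.write_bytes(b"constructed sample payl0ad")  # upstream file changed after recording
        print(verify_distfile(f, info))
```

The check only covers the file it is given; anything the installer downloads on its own after the fetch stage is outside it, which is the caveat at the end of the message.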