From owner-freebsd-ports@FreeBSD.ORG Tue Nov 10 22:39:31 2009 Return-Path: Delivered-To: ports@freebsd.org Received: from straylight.ringlet.net (freefall.freebsd.org [IPv6:2001:4f8:fff6::28]) by hub.freebsd.org (Postfix) with SMTP id 7026D1065679 for ; Tue, 10 Nov 2009 22:39:30 +0000 (UTC) (envelope-from roam@ringlet.net) Received: (qmail 1812 invoked by uid 1000); 10 Nov 2009 22:39:14 -0000 Date: Wed, 11 Nov 2009 00:39:14 +0200 From: Peter Pentchev To: ports@freebsd.org Message-ID: <20091110223914.GA1288@straylight.m.ringlet.net> References: <4AF897A4.3070408@delphij.net> <20091109225232.GA34294@lor.one-eyed-alien.net> <20091110103228.GA1139@straylight.m.ringlet.net> <20091110181240.33a78db4@gumby.homeunix.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="ZPt4rx8FFjLCG7dd" Content-Disposition: inline In-Reply-To: <20091110181240.33a78db4@gumby.homeunix.com> User-Agent: Mutt/1.5.20 (2009-06-14) Cc: Subject: Re: RFC: svn for make fetch X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Nov 2009 22:39:31 -0000 --ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 10, 2009 at 06:12:40PM +0000, RW wrote: > On Tue, 10 Nov 2009 12:32:28 +0200 > Peter Pentchev wrote: >=20 >=20 > > The Ports Collection's distfile checksums make sure that you get > > exactly the same files *as the port maintainer examined at some > > previous moment in time*. >=20 > More importantly it guards against maliciously modified source code. > Someone might break into a legitimate mirror or use dns poisoning to > distribute malware. That's the whole point :) That's also why the maintainer is supposed to examine the files before submitting (or committing) a port update - to guard against source code that has been maliciously modified on the master sites (or on fake master sites that the maintainer has been redirected to). G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@space.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 If wishes were fishes, the antecedent of this conditional would be true. --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) iQIcBAEBCgAGBQJK+euSAAoJEGUe77AlJ98TGHAP/3AlHNJ31BaVvAnJX+GvIYbn AcnE9FQUwuhyB40xPDn5x9SpDvTZ4X3BMqm6KP66TKOxO2TJfbZrTa1WEckvZQUB DhW/2YzWBo/QTeRfRNicPXWLGyaxEs5bF9lQF6Zq0fXttvxvUl9KVHmSFb3a+1On /h94PQcFTW4Yzx90YblRSIcy+pqL5NbAKUJkReaqt1Xu+iDd/F50ZMt9JvyUB4+K CB3JhXSH4vdFn7LwlLB7ioG+5TdtMvqxlNL0yoALIDhRFOigLKrZMW7jISGbDHAq nJ0fxl4mdBRHIKHKMEf3MhjZfjbYd9BmDfROIfDcne+2MVv5bF9IQWea/+YIwjTB tv6Ac7fSbjYwUyFef28AEZKNyWGcO40Mk/iIbmB0XhOTb1KjsVgeHeo0e9ekh+2P rWo4bYVOs6fIFxVHUG50OvIZaRtyU5Wth9hLqLQ9H4VOrz0hGw3nMtiICumIF5b3 TbQpdeF+StWSbr93vpiuwrexXNqj0cXgBJks1I35IMSjP3rqWcK65KEYEwVUlMe4 /xVq3I/nWXTmHBchI/ShxxG1Ol1PKVOOXXVZz0IKArHqvem/fkU0h+Typek+ithp nXO9U6lMPDQpkmYfAnKphjcmIoi8dZoSJWs9mv9P2o2f3joTKqsmejBoph+qTZH0 fL6AOK6hCR9QWfgwkCCN =zydW -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd--