Date: Wed, 11 Nov 2009 00:39:14 +0200 From: Peter Pentchev <roam@ringlet.net> To: ports@freebsd.org Subject: Re: RFC: svn for make fetch Message-ID: <20091110223914.GA1288@straylight.m.ringlet.net> In-Reply-To: <20091110181240.33a78db4@gumby.homeunix.com> References: <a0777e080911080731w461e6733peb0a5473acf07aa8@mail.gmail.com> <4AF897A4.3070408@delphij.net> <20091109225232.GA34294@lor.one-eyed-alien.net> <a0777e080911092251r3dd39303q4f309aaf4076daf@mail.gmail.com> <20091110103228.GA1139@straylight.m.ringlet.net> <20091110181240.33a78db4@gumby.homeunix.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--ZPt4rx8FFjLCG7dd Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Nov 10, 2009 at 06:12:40PM +0000, RW wrote: > On Tue, 10 Nov 2009 12:32:28 +0200 > Peter Pentchev <roam@ringlet.net> wrote: >=20 >=20 > > The Ports Collection's distfile checksums make sure that you get > > exactly the same files *as the port maintainer examined at some > > previous moment in time*. >=20 > More importantly it guards against maliciously modified source code. > Someone might break into a legitimate mirror or use dns poisoning to > distribute malware. That's the whole point :) That's also why the maintainer is supposed to examine the files before submitting (or committing) a port update - to guard against source code that has been maliciously modified on the master sites (or on fake master sites that the maintainer has been redirected to). G'luck, Peter --=20 Peter Pentchev roam@ringlet.net roam@space.bg roam@FreeBSD.org PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13 If wishes were fishes, the antecedent of this conditional would be true. --ZPt4rx8FFjLCG7dd Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.13 (FreeBSD) iQIcBAEBCgAGBQJK+euSAAoJEGUe77AlJ98TGHAP/3AlHNJ31BaVvAnJX+GvIYbn AcnE9FQUwuhyB40xPDn5x9SpDvTZ4X3BMqm6KP66TKOxO2TJfbZrTa1WEckvZQUB DhW/2YzWBo/QTeRfRNicPXWLGyaxEs5bF9lQF6Zq0fXttvxvUl9KVHmSFb3a+1On /h94PQcFTW4Yzx90YblRSIcy+pqL5NbAKUJkReaqt1Xu+iDd/F50ZMt9JvyUB4+K CB3JhXSH4vdFn7LwlLB7ioG+5TdtMvqxlNL0yoALIDhRFOigLKrZMW7jISGbDHAq nJ0fxl4mdBRHIKHKMEf3MhjZfjbYd9BmDfROIfDcne+2MVv5bF9IQWea/+YIwjTB tv6Ac7fSbjYwUyFef28AEZKNyWGcO40Mk/iIbmB0XhOTb1KjsVgeHeo0e9ekh+2P rWo4bYVOs6fIFxVHUG50OvIZaRtyU5Wth9hLqLQ9H4VOrz0hGw3nMtiICumIF5b3 TbQpdeF+StWSbr93vpiuwrexXNqj0cXgBJks1I35IMSjP3rqWcK65KEYEwVUlMe4 /xVq3I/nWXTmHBchI/ShxxG1Ol1PKVOOXXVZz0IKArHqvem/fkU0h+Typek+ithp nXO9U6lMPDQpkmYfAnKphjcmIoi8dZoSJWs9mv9P2o2f3joTKqsmejBoph+qTZH0 fL6AOK6hCR9QWfgwkCCN =zydW -----END PGP SIGNATURE----- --ZPt4rx8FFjLCG7dd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20091110223914.GA1288>