From owner-freebsd-ports@FreeBSD.ORG  Tue Feb 17 13:58:55 2004
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9B30616A4CF
	for <freebsd-ports@FreeBSD.org>; Tue, 17 Feb 2004 13:58:55 -0800 (PST)
Received: from pm1.ric-05.lft.widomaker.com (pm1.ric-05.lft.widomaker.com
	[209.96.189.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C244843D1D
	for <freebsd-ports@FreeBSD.org>;
	Tue, 17 Feb 2004 13:58:53 -0800 (PST)
	(envelope-from jason@pm1.ric-05.lft.widomaker.com)
Received: (from jason@localhost)
	by pm1.ric-05.lft.widomaker.com (8.12.11/8.12.10) id i1HLwp9A078155
	for freebsd-ports@FreeBSD.org; Tue, 17 Feb 2004 16:58:51 -0500 (EST)
Resent-Message-Id: <200402172158.i1HLwp9A078155@pm1.ric-05.lft.widomaker.com>
X-Mail-Format-Warning: Bad RFC2822 header formatting in >From jharris  Tue Feb
	17 15:10:38 2004
Received: from [204.17.220.7] (helo=mxin.widomaker.com)
	by wilma.widomaker.com with esmtp (Exim 3.36 #1)
	id 1AtBYE-0001sq-00
	for jharris@wilma.widomaker.com; Tue, 17 Feb 2004 15:10:38 -0500
Received: from pm1.ric-18.lft.widomaker.com ([209.96.189.34])
	by mxin.widomaker.com with esmtp (Exim 4.30; FreeBSD)
	id 1AtBY7-000JJ6-59
	for jharris@widomaker.com; Tue, 17 Feb 2004 15:10:31 -0500
Received: (from jason@localhost)
	by pm1.ric-18.lft.widomaker.com (8.12.11/8.12.10) id i1HKABFQ077953;
	Tue, 17 Feb 2004 15:10:11 -0500 (EST)
Date: Tue, 17 Feb 2004 15:10:07 -0500
From: Jason Harris <jharris@widomaker.com>
To: Michael Nottebrock <michaelnottebrock@gmx.net>
Message-ID: <20040217201007.GK360@pm1.ric-05.lft.widomaker.com>
References: <200402091336.i19Da8nQ019809@repoman.freebsd.org>
	<200402171404.30701.michaelnottebrock@gmx.net> <xzpr7wtn98t.fsf@dwp.des.no>
	<200402171420.47274.michaelnottebrock@gmx.net>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="Rm5rkB9L8kG9H2n8"
Content-Disposition: inline
In-Reply-To: <200402171420.47274.michaelnottebrock@gmx.net>
User-Agent: Mutt/1.4.1i
X-Spam-Score: -4.9 (----)
X-Spam-Status: No, hits=-1.8 required=8.0
	tests=EMAIL_ATTRIBUTION,PGP_SIGNATURE_2,SPAM_PHRASE_00_01,
	      USER_AGENT,USER_AGENT_MUTT
	version=2.41
X-Spam-Level: 
Resent-From: jharris@widomaker.com
Resent-Date: Tue, 17 Feb 2004 16:58:50 -0500
Resent-To: freebsd-ports@FreeBSD.org
cc: ports@FreeBSD.org
cc: cvs-ports@FreeBSD.org
cc: Jason Harris <jharris@widomaker.com>
cc: freebsd-security@FreeBSD.org
Subject: Re: cvs commit: ports/devel/tmake Makefile distinfo
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Feb 2004 21:58:55 -0000


--Rm5rkB9L8kG9H2n8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Feb 17, 2004 at 02:20:46PM +0100, Michael Nottebrock wrote:

[distfile rerolls]
> I didn't know that I was supposed to perform a security audit and I did n=
ot do=20
> so. So if anyone happens to have the old distfile still around, please se=
nd=20
> it my way, cause I don't. I suggest next time instead of marking a port a=
s=20
> BROKEN=3D Checksum mismatch, mark it as BROKEN=3D Needs security audit so=
 I won't=20
> be tempted to fix it.

Distfile caches are great for this sort of thing.  While updating a
checksum for a distfile wipes out many pre-reroll copies on many FreeBSD
mirrors, there are often copies available on FreeBSD machines that
haven't built the port since the checksum was updated or NetBSD
and/or OpenBSD distfile caches and sometimes even Linux distfile
caches, particularly Gentoo.

I use alltheweb.com, filesearching.com, filewatcher.com (which have FTP
search engines), Google Groups, and Google to search for the MD5 hashes
and the names of distfiles I want to track down.  filesearching.com
can display file sizes in bytes and filewatcher.com embeds the byte counts
in some URLs it generates, making it easy to discern which distfiles are
(hopefully) identical.

For tmake-1.7.tar.gz, filesearching.com currently reports 30 FTP sites
which have copies of 46518 bytes in length, for example.  At least a
few of these sites should still have the pre-reroll distfile.

Beyond that, I've used pavuk running multiple simultaneous connections
and fetch with -S to scour the 100+ distfile caches from the FTP mirror
sites listed in the FreeBSD Handbook.

--=20
Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web:  http://keyserver.kjsl.com/~jharris/

--Rm5rkB9L8kG9H2n8
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (FreeBSD)

iD8DBQFAMnUeSypIl9OdoOMRAkp/AKDUYtsTKpN+J4FXAR1V6LDDmQd1UgCgrjdX
KQVuMOe1U9clWc2M5fFmCPg=
=wh1u
-----END PGP SIGNATURE-----

--Rm5rkB9L8kG9H2n8--