From: Bryan Drewery
Date: Sun, 18 Aug 2013 17:34:38 -0500
To: marino@freebsd.org
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, John Marino, ports-committers@freebsd.org
Subject: Re: svn commit: r324901 - head/biology/tinker

On 8/18/2013 1:48 PM, John Marino wrote:
> On 8/18/2013 14:55, Bryan Drewery wrote:
>> On 8/18/2013 6:38 AM, John Marino wrote:
>>> Author: marino
>>> Date: Sun Aug 18 11:38:34 2013
>>> New Revision: 324901
>>> URL: http://svnweb.freebsd.org/changeset/ports/324901
>>>
>>> Log:
>>>   biology/tinker: Regenerate distinfo to unbreak fetch
>>>
>>>   Apparently the distfile was rerolled. The sizes of the file are only a few
>>>   bytes apart. Since the master site never changed, it's reasonable just to
>>>   regenerate the distinfo and bump the PORTREVISION.
>>>
>>
>> *exactly* what changed is needed to be known before we update the
>> distinfo. Did you do a comparison between the two tarballs?
>
> As I mentioned in the commit message, I couldn't obtain the first
> version. I didn't have it in any cache. Perhaps only the submitter of
> the PR 180518 could have done this.

I read the message the first time and it's not a valid justification.
The size could be the same (and different checksum) and have a backdoor.

>
> However, after committing, I realized I could have compared 6.2.06 with
> the previous version 6.2.05 which I did have. In any case, the tarball
> is from the same master site and this port has been broken for more than 30
> days. Had the tarball been compromised, it very likely would have been
> caught in such a long time. So do we trust the site or not?

We trust nothing. Upstreams can be compromised for *years* and not be known.

>
> John
>

--
Regards,
Bryan Drewery
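
Added example, not part of the original message or of the ports tree tooling: one way to establish exactly what a rerolled distfile changed is to hash every archive member in both rolls and diff the two listings. The two tarballs below are constructed in memory (identical total size, different checksum), and the function names are hypothetical.

```python
import hashlib
import io
import tarfile

def member_digests(tar_bytes):
    """Map each member path to (type, mode, sha256 of content or link target)."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for m in tf:
            if m.isfile():
                body = tf.extractfile(m).read()
            else:
                body = m.linkname.encode()  # link target; empty for directories
            out[m.name] = (m.type, m.mode & 0o7777, hashlib.sha256(body).hexdigest())
    return out

def diff_distfiles(old_bytes, new_bytes):
    """Return sorted (path, change) pairs describing what a reroll changed."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    changes = []
    for path in sorted(old.keys() | new.keys()):
        if path not in new:
            changes.append((path, "removed"))
        elif path not in old:
            changes.append((path, "added"))
        elif old[path] != new[path]:
            what = "content" if old[path][2] != new[path][2] else "type/mode"
            changes.append((path, what))
    return changes

def make_tar(files):
    """Build a constructed sample tarball in memory from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in files.items():
            info = tarfile.TarInfo(name)  # mtime 0, mode 0644: deterministic output
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: two "rolls" with the same archive size but one edited file.
OLD = make_tar({"pkg/README": b"release notes\n", "pkg/src/main.f": b"      x = 1\n"})
NEW = make_tar({"pkg/README": b"release notes\n", "pkg/src/main.f": b"      x = 2\n"})

if __name__ == "__main__":
    print("same size:", len(OLD) == len(NEW))
    for path, change in diff_distfiles(OLD, NEW):
        print(change, path)
```

A size comparison reports nothing for this pair, while the per-member diff names the one file whose content changed, which is the file a reviewer then reads before regenerating distinfo.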