From owner-svn-ports-head@freebsd.org Fri Jul 3 23:15:07 2015 Return-Path: Delivered-To: svn-ports-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9423994152; Fri, 3 Jul 2015 23:15:07 +0000 (UTC) (envelope-from osa@freebsd.org) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) by mx1.freebsd.org (Postfix) with ESMTP id BC1281AB0; Fri, 3 Jul 2015 23:15:07 +0000 (UTC) (envelope-from osa@freebsd.org) Received: by freefall.freebsd.org (Postfix, from userid 975) id BB27619C6; Fri, 3 Jul 2015 23:15:07 +0000 (UTC) Date: Fri, 3 Jul 2015 23:15:07 +0000 From: "Sergey A. Osokin" To: Kubilay Kocak Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r391254 - in head/www: nginx nginx-devel Message-ID: <20150703231507.GC24716@FreeBSD.org> References: <201507031644.t63GixME014247@repo.freebsd.org> <20150703172909.GB24716@FreeBSD.org> <5596CE3C.5000801@FreeBSD.org> MIME-Version: 1.0 Content-Type: text/plain; charset=koi8-r Content-Disposition: inline In-Reply-To: <5596CE3C.5000801@FreeBSD.org> User-Agent: Mutt/1.5.23 (2014-03-12) X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 03 Jul 2015 23:15:07 -0000 On Sat, Jul 04, 2015 at 04:02:36AM +1000, Kubilay Kocak wrote: > On 4/07/2015 3:29 AM, Sergey A. Osokin wrote: > > Dear Kubilay, > > > > I didn't approve this change, so, I have at least two questions here: > > I believe the tag was moved 11 days ago and the issue (PR) created 7 > days ago. A number of users had reported the issue today as ongoing, > which is when I found the bugzilla issue. I had assumed you weren't > otherwise available and wanted to help. Have you asked those users to add "+1" to PR 201129? > > 1. have you checked what actually has been changed? Is there any chance to see > > the diff between old distro and new one? > > I did not, I considered it the same as I would have a normal version > bump of a module, except in this case the distinfo checksum mismatch was > caused by upstream moving a tag, not a maintainer forgetting to run makesum. Well, I don't think that this is good idea to commit every change to the "super popular software packages", what I've heard in the PR. The size/SHA256 mismatch in third-party headers_more module has been acquired probably because of the module's author mistake (but I think he thought he did his best): he's changed something in source code after the creation of the release tag. Another version a bit paranoid, but anyway: somebody hacked a github account, committed a troyan, re-created the tag and Kubilay added that troyan into FreeBSD ports tree. Actually this is why I'm asking you to show the changes between versions. In my point of view, I'd highly recommend to ask the module's author about change, create new release with that change. > I don't know how to see how/where a tag was moved between commits, so as > to derive a changeset. > > It would be nice to know if there is a way. > > > 2. the third-party headers_more undefined by default, so PORTREVISION bump > > isn't necessary in this case. > > Understood. I had originally thought that since the distinfo was > packaged, and that the contents was changing, that it may have been > required. -- Sergey A. Osokin osa@FreeBSD.org