Date: Mon, 23 Jul 2001 00:26:16 -0600 From: Warner Losh <imp@harmony.village.org> To: "Dmitry S. Sivachenko" <dima@Chg.RU> Cc: Kris Kennaway <kris@obsecurity.org>, Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/games/hlserver-wasteland Makefile distinfo Message-ID: <200107230626.f6N6QGo87352@harmony.village.org> In-Reply-To: Your message of "Mon, 23 Jul 2001 10:03:28 %2B0400." <20010723100327.A19055@netserv1.chg.ru> References: <20010723100327.A19055@netserv1.chg.ru> <200107212120.f6LLKq561496@freefall.freebsd.org> <20010721144135.A90359@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <20010723100327.A19055@netserv1.chg.ru> "Dmitry S. Sivachenko" writes: : If you trust the distfile with version bump (you do, I think), : there is no reason to pay special attention to distfile without version bump, : IMHO. Because people generally audit the version bumbs more, notice rogue versions more, etc. Silently replacing foo-1.1.tar.gz with foo-1.1.tar.gz has been used in the past to introduce trojan horses. Kris is trying to guard against that. Warner To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200107230626.f6N6QGo87352>