Date:      Mon, 23 Jul 2001 11:17:57 +0400
From:      "Dmitry S. Sivachenko" <dima@Chg.RU>
To:        Kris Kennaway <kris@obsecurity.org>
Cc:        Warner Losh <imp@harmony.village.org>, "Dmitry S. Sivachenko" <dima@Chg.RU>, Mario Sergio Fujikawa Ferreira <lioux@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: ports/games/hlserver-wasteland Makefile distinfo
Message-ID:  <20010723111757.B23079@netserv1.chg.ru>
In-Reply-To: <20010722234955.A96953@xor.obsecurity.org>; from kris@obsecurity.org on Sun, Jul 22, 2001 at 11:49:56PM -0700
References:  <20010723100327.A19055@netserv1.chg.ru> <200107212120.f6LLKq561496@freefall.freebsd.org> <20010721144135.A90359@xor.obsecurity.org> <20010723100327.A19055@netserv1.chg.ru> <200107230626.f6N6QGo87352@harmony.village.org> <20010722234955.A96953@xor.obsecurity.org>

On Sun, Jul 22, 2001 at 11:49:56PM -0700, Kris Kennaway wrote:
> On Mon, Jul 23, 2001 at 12:26:16AM -0600, Warner Losh wrote:
> > In message <20010723100327.A19055@netserv1.chg.ru> "Dmitry S. Sivachenko" writes:
> > : If you trust the distfile with version bump (you do, I think),
> > : there is no reason to pay special attention to distfile without version bump,
> > : IMHO.
> > 
> > Because people generally audit the version bumps more, notice rogue
> > versions more, etc.  Silently replacing foo-1.1.tar.gz with
> > foo-1.1.tar.gz has been used in the past to introduce trojan horses.
> > Kris is trying to guard against that.
> 
> Yes; basically, it's considered more likely that unauthorised security
> holes will show up in a distfile which is changed with no version
> change than one which changes as part of a new version release.  In an
> ideal world, we'd audit all port upgrades, but resources are very
> finite so we make do as best we can by covering the most dangerous
> cases.
> 

OK, noted.
