From owner-freebsd-ports@freebsd.org  Mon Mar 12 20:42:49 2018
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id EE9C4F46D10
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Mon, 12 Mar 2018 20:42:48 +0000 (UTC) (envelope-from adamw@adamw.org)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 7E17870F54
 for <freebsd-ports@freebsd.org>; Mon, 12 Mar 2018 20:42:48 +0000 (UTC)
 (envelope-from adamw@adamw.org)
Received: by mailman.ysv.freebsd.org (Postfix)
 id 3FA90F46CF5; Mon, 12 Mar 2018 20:42:48 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2CC9BF46CEE;
 Mon, 12 Mar 2018 20:42:48 +0000 (UTC) (envelope-from adamw@adamw.org)
Received: from apnoea.adamw.org (apnoea.adamw.org [104.225.5.94])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "apnoea.adamw.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 8C5FB70ED0;
 Mon, 12 Mar 2018 20:42:44 +0000 (UTC) (envelope-from adamw@adamw.org)
Received: by apnoea.adamw.org (OpenSMTPD) with ESMTPSA id fe1abcd5
 TLS version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO;
 Mon, 12 Mar 2018 14:42:36 -0600 (MDT)
Content-Type: text/plain;
	charset=utf-8;
	delsp=yes;
	format=flowed
Mime-Version: 1.0 (Mac OS X Mail 11.2 \(3445.5.20\))
Subject: Re: sysutils/ipfs-go downloads pre-built binaries while sources are
 available
From: Adam Weinberger <adamw@adamw.org>
In-Reply-To: <d69ab122-00be-6ed5-cd01-673003700695@rawbw.com>
Date: Mon, 12 Mar 2018 14:42:34 -0600
Cc: "ports@freebsd.org" <ports@freebsd.org>,
 ports-secteam@FreeBSD.org
Content-Transfer-Encoding: 8bit
Message-Id: <B7C49CA0-0C1C-4829-ABE1-FA0629FC355C@adamw.org>
References: <d69ab122-00be-6ed5-cd01-673003700695@rawbw.com>
To: Yuri <yuri@rawbw.com>
X-Mailer: Apple Mail (2.3445.5.20)
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2018 20:42:49 -0000

> On 12 Mar, 2018, at 11:30, Yuri <yuri@rawbw.com> wrote:
>
> There should be no reason to download prebuilt executables for open  
> source software. Binaries present security risk.
>
> It violates chapter 5.4 of PHB which mentions that MASTER_SITES/DISTNAME  
> refers to "source archive", and for sysutils/ipfs-go it isn't a source  
> archive.
>
>
> This port should be either deleted or reworked.

While source is preferred over binary, we don’t delete ports just because  
they have binary blobs.

# Adam


--
Adam Weinberger
adamw@adamw.org
http://www.adamw.org