From owner-cvs-all@FreeBSD.ORG  Tue Oct  4 12:11:02 2011
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0A7A11065672;
	Tue,  4 Oct 2011 12:11:02 +0000 (UTC)
	(envelope-from gabor@FreeBSD.org)
Received: from server.mypc.hu (server.mypc.hu [87.229.73.95])
	by mx1.freebsd.org (Postfix) with ESMTP id B3A068FC0A;
	Tue,  4 Oct 2011 12:11:01 +0000 (UTC)
Received: from server.mypc.hu (localhost [127.0.0.1])
	by server.mypc.hu (Postfix) with ESMTP id 9E06D14E61B5;
	Tue,  4 Oct 2011 13:53:00 +0200 (CEST)
X-Virus-Scanned: amavisd-new at server.mypc.hu
Received: from server.mypc.hu ([127.0.0.1])
	by server.mypc.hu (server.mypc.hu [127.0.0.1]) (amavisd-new, port 10024)
	with LMTP id u10tkOHeiR_t; Tue,  4 Oct 2011 13:52:58 +0200 (CEST)
Received: from [192.168.1.106] (catv-80-98-232-12.catv.broadband.hu
	[80.98.232.12])
	(using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by server.mypc.hu (Postfix) with ESMTPSA id 35DDE14E616A;
	Tue,  4 Oct 2011 13:52:58 +0200 (CEST)
Message-ID: <4E8AF399.1060601@FreeBSD.org>
Date: Tue, 04 Oct 2011 13:52:57 +0200
From: Gabor Kovesdan <gabor@FreeBSD.org>
User-Agent: Mozilla/5.0 (Windows NT 5.1;
	rv:10.0a1) Gecko/20110930 Thunderbird/10.0a1
MIME-Version: 1.0
To: Doug Barton <dougb@FreeBSD.org>
References: <201110031305.p93D5K3x082695@repoman.freebsd.org>
	<4E8A0449.1020303@FreeBSD.org>
In-Reply-To: <4E8A0449.1020303@FreeBSD.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org,
	Boris Samorodov <bsam@FreeBSD.org>, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/mail/imaptools distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 04 Oct 2011 12:11:02 -0000

On 2011.10.03. 20:51, Doug Barton wrote:
> Confirming with the author is fine, but did you compare the old and new
> distfiles yourself? If so, what changed?
Don't take my comment personally, I just picked this particular mail to 
reply to. I have never understood why such issues have been taken so 
seriously. Imo, if the author confirms the change that should be enough. 
If we had audited the initial port and each new upgrade, a stricter 
check would make sense but we don't do that so the port can still have 
malicious code from earlier versions (e.g. irc/unreal did [1]). 
Verifying just one diff between two distfiles does not guarantee safe 
and sane code.

Cheers,
Gabor

[1] http://forums.unrealircd.com/viewtopic.php?t=6562