From owner-freebsd-ports@freebsd.org  Mon Mar 12 20:55:21 2018
Return-Path: <owner-freebsd-ports@freebsd.org>
Delivered-To: freebsd-ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 81A8EF49D1B
 for <freebsd-ports@mailman.ysv.freebsd.org>;
 Mon, 12 Mar 2018 20:55:21 +0000 (UTC) (envelope-from yuri@rawbw.com)
Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org
 [IPv6:2001:1900:2254:206a::50:5])
 by mx1.freebsd.org (Postfix) with ESMTP id 180DB71E17
 for <freebsd-ports@freebsd.org>; Mon, 12 Mar 2018 20:55:21 +0000 (UTC)
 (envelope-from yuri@rawbw.com)
Received: by mailman.ysv.freebsd.org (Postfix)
 id C9CC2F49D10; Mon, 12 Mar 2018 20:55:20 +0000 (UTC)
Delivered-To: ports@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id B6F6FF49D0B;
 Mon, 12 Mar 2018 20:55:20 +0000 (UTC) (envelope-from yuri@rawbw.com)
Received: from shell1.rawbw.com (shell1.rawbw.com [198.144.192.42])
 by mx1.freebsd.org (Postfix) with ESMTP id 30D3C71E16;
 Mon, 12 Mar 2018 20:55:19 +0000 (UTC) (envelope-from yuri@rawbw.com)
Received: from yv.noip.me (c-24-4-131-132.hsd1.ca.comcast.net [24.4.131.132])
 (authenticated bits=0)
 by shell1.rawbw.com (8.15.1/8.15.1) with ESMTPSA id w2CKtBu0006768
 (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128 verify=NO);
 Mon, 12 Mar 2018 13:55:12 -0700 (PDT) (envelope-from yuri@rawbw.com)
X-Authentication-Warning: shell1.rawbw.com: Host
 c-24-4-131-132.hsd1.ca.comcast.net [24.4.131.132] claimed to be yv.noip.me
Subject: Re: sysutils/ipfs-go downloads pre-built binaries while sources are
 available
To: Adam Weinberger <adamw@adamw.org>
Cc: "ports@freebsd.org" <ports@freebsd.org>, ports-secteam@freebsd.org
References: <d69ab122-00be-6ed5-cd01-673003700695@rawbw.com>
 <B7C49CA0-0C1C-4829-ABE1-FA0629FC355C@adamw.org>
From: Yuri <yuri@rawbw.com>
Message-ID: <4f70cd4f-6c19-8651-4362-0db3e3398158@rawbw.com>
Date: Mon, 12 Mar 2018 13:55:10 -0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <B7C49CA0-0C1C-4829-ABE1-FA0629FC355C@adamw.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports/>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
 <mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2018 20:55:21 -0000

On 03/12/18 13:42, Adam Weinberger wrote:
> While source is preferred over binary, we don’t delete ports just 
> because they have binary blobs. 


Binary downloads have an entirely different trust model. You have to 
trust the producer of the binary, vs. with source code it is much more 
obvious what does it do. Neglect or misunderstanding of this difference 
leads to rampant spread of malware on Windows and cell phones.


Yuri