From owner-freebsd-ports@FreeBSD.ORG  Fri Dec 18 12:21:27 2009
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id A53B8106566B
	for <freebsd-ports@freebsd.org>; Fri, 18 Dec 2009 12:21:27 +0000 (UTC)
	(envelope-from linimon@lonesome.com)
Received: from mail.soaustin.net (lefty.soaustin.net [66.135.55.46])
	by mx1.freebsd.org (Postfix) with ESMTP id 88CDF8FC12
	for <freebsd-ports@freebsd.org>; Fri, 18 Dec 2009 12:21:27 +0000 (UTC)
Received: by mail.soaustin.net (Postfix, from userid 502)
	id 1309C8C06D; Fri, 18 Dec 2009 06:21:27 -0600 (CST)
Date: Fri, 18 Dec 2009 06:21:27 -0600
From: Mark Linimon <linimon@lonesome.com>
To: Dominic Fandrey <kamikaze@bsdforen.de>
Message-ID: <20091218122126.GB1954@lonesome.com>
References: <4B2A52DB.5020602@bsdforen.de>
	<20091218065728.GC29158@lonesome.com>
	<4B2B681A.1090908@bsdforen.de>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4B2B681A.1090908@bsdforen.de>
User-Agent: Mutt/1.5.18 (2008-05-17)
Cc: freebsd-ports@freebsd.org
Subject: Re: ioquake3 support more platforms
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 18 Dec 2009 12:21:27 -0000

On Fri, Dec 18, 2009 at 12:31:38PM +0100, Dominic Fandrey wrote:
> But that's not different for any port. E.g. sysutils/bsdadminscripts is
> all mine, I create the distfiles and maintain the port, their is no
> guarantee that I don't do evil apart from me being quite certain that
> I don't.

Sure there is.  That's why we have ports committers.  They are supposed
to audit the changes to the port to make sure that the changes are safe.
In particular, I expect that they check that the changes are not so
extensive that they indicate the distributing system has been hacked.

> Why can one assume that an ioquake release is safe? One really cannot.
> It's made by the same people who maintain the non-trustworthy SVN.

There's no such check as the above possible with checkouts from a source
control system.  You get whatever is on that box at time T.

> Also it's a -devel port. That kinda screams "At your own risk" right
> into your face.

And NO_PACKAGES would further guarantee it.

mcl