From owner-freebsd-ports@FreeBSD.ORG Fri Dec 18 12:21:27 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A53B8106566B for ; Fri, 18 Dec 2009 12:21:27 +0000 (UTC) (envelope-from linimon@lonesome.com) Received: from mail.soaustin.net (lefty.soaustin.net [66.135.55.46]) by mx1.freebsd.org (Postfix) with ESMTP id 88CDF8FC12 for ; Fri, 18 Dec 2009 12:21:27 +0000 (UTC) Received: by mail.soaustin.net (Postfix, from userid 502) id 1309C8C06D; Fri, 18 Dec 2009 06:21:27 -0600 (CST) Date: Fri, 18 Dec 2009 06:21:27 -0600 From: Mark Linimon To: Dominic Fandrey Message-ID: <20091218122126.GB1954@lonesome.com> References: <4B2A52DB.5020602@bsdforen.de> <20091218065728.GC29158@lonesome.com> <4B2B681A.1090908@bsdforen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4B2B681A.1090908@bsdforen.de> User-Agent: Mutt/1.5.18 (2008-05-17) Cc: freebsd-ports@freebsd.org Subject: Re: ioquake3 support more platforms X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Dec 2009 12:21:27 -0000 On Fri, Dec 18, 2009 at 12:31:38PM +0100, Dominic Fandrey wrote: > But that's not different for any port. E.g. sysutils/bsdadminscripts is > all mine, I create the distfiles and maintain the port, their is no > guarantee that I don't do evil apart from me being quite certain that > I don't. Sure there is. That's why we have ports committers. They are supposed to audit the changes to the port to make sure that the changes are safe. In particular, I expect that they check that the changes are not so extensive that they indicate the distributing system has been hacked. > Why can one assume that an ioquake release is safe? One really cannot. > It's made by the same people who maintain the non-trustworthy SVN. There's no such check as the above possible with checkouts from a source control system. You get whatever is on that box at time T. > Also it's a -devel port. That kinda screams "At your own risk" right > into your face. And NO_PACKAGES would further guarantee it. mcl