From owner-freebsd-ports@FreeBSD.ORG Mon May 15 22:00:42 2006 Return-Path: X-Original-To: freebsd-ports@freebsd.org Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 833A716B959 for ; Mon, 15 May 2006 22:00:42 +0000 (UTC) (envelope-from jdc@parodius.com) Received: from mx1.parodius.com (mx1.parodius.com [64.62.145.229]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5495543D49 for ; Mon, 15 May 2006 22:00:30 +0000 (GMT) (envelope-from jdc@parodius.com) Received: by mx1.parodius.com (Postfix, from userid 500) id 3294E5D12; Mon, 15 May 2006 15:00:30 -0700 (PDT) Date: Mon, 15 May 2006 15:00:30 -0700 From: Jeremy Chadwick To: freebsd-ports@freebsd.org Message-ID: <20060515220030.GA18254@pentarou.parodius.com> Mail-Followup-To: freebsd-ports@freebsd.org References: <4468F29C.9070202@rogers.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <4468F29C.9070202@rogers.com> X-PGP-Key: http://jdc.parodius.com/pubkey.asc User-Agent: Mutt/1.5.11 Subject: Re: FreeBSD Port: lang/php5 (distinfo missmatch) X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 15 May 2006 22:00:42 -0000 On Mon, May 15, 2006 at 05:29:00PM -0400, Mike Jakubik wrote: > The md5 checksum and the size of php-5.1.4.tar.bz2 seems to differ from > what the file actually is, and what is described on the php website. > > root@spamtoaster.home.local:/usr/ports/lang/php5# make fetch > ===> Vulnerability check disabled, database not found > => php-5.1.4.tar.bz2 doesn't seem to exist in /usr/ports/distfiles/. > => Attempting to fetch from http://br.php.net/distributions/. > fetch: http://br.php.net/distributions/php-5.1.4.tar.bz2: size mismatch: > expected 5992825, actual 6356171 > => Attempting to fetch from http://cn.php.net/distributions/. > fetch: http://cn.php.net/distributions/php-5.1.4.tar.bz2: size mismatch: > expected 5992825, actual 6356171 > > ... > > Website states: > > PHP 5.1.4 (tar.bz2) [6,207Kb] - 04 May 2006 > md5: 66a806161d4a2d3b5153ebe4cd0f2e1c Taken from the PHP home page, in bold: >> The tarballs were updated to include the PEAR's phar file, previously >> missing from the release. Is this the newest trend in the open-source world? Re-packaging pre-existing tarballs and modifying patches and other what-nots? This is really *really* bad form and behaviour. It completely defeats the purpose (re: security) of MD5 and SHA checksums. All this does is induce more Bugzilla bugs and support mails -- and ultimately waste everyone's time. I'd love to get my hands around the necks of some of these folks... if any of tehm read freebsd-ports: **PLEASE STOP DOING THIS**! -- | Jeremy Chadwick jdc at parodius.com | | Parodius Networking http://www.parodius.com/ | | UNIX Systems Administrator Mountain View, CA, USA | | Making life hard for others since 1977. |