From owner-cvs-all@FreeBSD.ORG Thu Apr 5 19:15:42 2012 Return-Path: Delivered-To: cvs-all@FreeBSD.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id 60D011065673; Thu, 5 Apr 2012 19:15:42 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from [127.0.0.1] (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id E5AB0151D92; Thu, 5 Apr 2012 19:15:41 +0000 (UTC) Message-ID: <4F7DEF5D.9020908@FreeBSD.org> Date: Thu, 05 Apr 2012 12:15:41 -0700 From: Doug Barton Organization: http://www.FreeBSD.org/ User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:11.0) Gecko/20120327 Thunderbird/11.0.1 MIME-Version: 1.0 To: Wesley Shields References: <201204050650.q356o8No010393@repoman.freebsd.org> <20120405125508.GA99623@atarininja.org> <4F7DAD0F.9020504@FreeBSD.org> <20120405185209.GA4439@atarininja.org> In-Reply-To: <20120405185209.GA4439@atarininja.org> X-Enigmail-Version: 1.4 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Michael Scheidell , cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/www/gist Makefile distinfo X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Apr 2012 19:15:42 -0000 On 4/5/2012 11:52 AM, Wesley Shields wrote: > When distfiles change it is normal for a committer to review what > changed between the old and new and at least note that in the commit > message. It's not just normal, it's required. In this situation I think that the commit should probably be backed out, and the port marked BROKEN until the questions about the new distfile can be adequately answered. Doug > The whole point is to avoid blindly updating distinfo with > information from a trojaned copy. > > Sadly with a 40x size increase it sounds like it may be a lot of review > work. A workaround is to ask upstream for confirmation that the distfile > was intentionally rerolled along with confirmation that the hash you > have is correct. Bonus points if they can point you to a changelog to go > along with the new distfile. > > -- WXS >