Date: Mon, 13 Dec 2010 13:34:53 -0500 From: Wesley Shields <wxs@FreeBSD.org> To: "Philip M. Gollucci" <pgollucci@p6m7g8.com> Cc: cvs-ports@FreeBSD.org, "Philip M. Gollucci" <pgollucci@FreeBSD.org>, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/chinese/ibus-chewing distinfo Message-ID: <20101213183453.GA27831@atarininja.org> In-Reply-To: <4D06639E.1080405@p6m7g8.com> References: <201012130437.oBD4bHEq008860@repoman.freebsd.org> <20101213164130.GA48218@atarininja.org> <4D06639E.1080405@p6m7g8.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, Dec 13, 2010 at 06:19:10PM +0000, Philip M. Gollucci wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 12/13/10 16:41, Wesley Shields wrote: > > On Mon, Dec 13, 2010 at 04:37:17AM +0000, Philip M. Gollucci wrote: > >> pgollucci 2010-12-13 04:37:17 UTC > >> > >> FreeBSD ports repository > >> > >> Modified files: > >> chinese/ibus-chewing distinfo > >> Log: > >> - Fix checksum > > > > I thought it was a good idea to state what changed when a distfile was > > re-rolled without a version bump. > Well it is, but they re-rolled inbetween my tb test, commit and QAT > processing it. I can go digg it up but I was just trying to fix the QAT > nag mail at the time. I'm not requesting that you do that, but it could potentially be a malicious distfile now. We need to be extra careful not to propagate those if we can help it, hence the suggestion to document what was changed in order to show due diligence. I realize the chances of this one being malicious is small, but it is best to diff the two before commit, even if QAT is angry at you. I'd rather see a broken port for the short period of time it takes to do the right thing than one that is malicious that slipped through the cracks. -- WXS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20101213183453.GA27831>