From owner-cvs-all@FreeBSD.ORG  Mon Dec 13 18:34:57 2010
Return-Path: <owner-cvs-all@FreeBSD.ORG>
Delivered-To: cvs-all@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 21B881065782;
	Mon, 13 Dec 2010 18:34:57 +0000 (UTC)
	(envelope-from wxs@atarininja.org)
Received: from syn.atarininja.org (syn.csh.rit.edu [129.21.49.45])
	by mx1.freebsd.org (Postfix) with ESMTP id ED1738FC17;
	Mon, 13 Dec 2010 18:34:56 +0000 (UTC)
Received: by syn.atarininja.org (Postfix, from userid 1001)
	id 268E75C3B; Mon, 13 Dec 2010 13:34:53 -0500 (EST)
Date: Mon, 13 Dec 2010 13:34:53 -0500
From: Wesley Shields <wxs@FreeBSD.org>
To: "Philip M. Gollucci" <pgollucci@p6m7g8.com>
Message-ID: <20101213183453.GA27831@atarininja.org>
References: <201012130437.oBD4bHEq008860@repoman.freebsd.org>
	<20101213164130.GA48218@atarininja.org>
	<4D06639E.1080405@p6m7g8.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4D06639E.1080405@p6m7g8.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Cc: cvs-ports@FreeBSD.org, "Philip M. Gollucci" <pgollucci@FreeBSD.org>,
	cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/chinese/ibus-chewing distinfo
X-BeenThere: cvs-all@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: **OBSOLETE** CVS commit messages for the entire tree
	<cvs-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-all>
List-Post: <mailto:cvs-all@freebsd.org>
List-Help: <mailto:cvs-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-all>,
	<mailto:cvs-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2010 18:34:57 -0000

On Mon, Dec 13, 2010 at 06:19:10PM +0000, Philip M. Gollucci wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 12/13/10 16:41, Wesley Shields wrote:
> > On Mon, Dec 13, 2010 at 04:37:17AM +0000, Philip M. Gollucci wrote:
> >> pgollucci    2010-12-13 04:37:17 UTC
> >>
> >>   FreeBSD ports repository
> >>
> >>   Modified files:
> >>     chinese/ibus-chewing distinfo 
> >>   Log:
> >>   - Fix checksum
> > 
> > I thought it was a good idea to state what changed when a distfile was
> > re-rolled without a version bump.
> Well it is, but they re-rolled inbetween my tb test, commit and QAT
> processing it. I can go digg it up but I was just trying to fix the QAT
> nag mail at the time.

I'm not requesting that you do that, but it could potentially be a
malicious distfile now. We need to be extra careful not to propagate
those if we can help it, hence the suggestion to document what was
changed in order to show due diligence.

I realize the chances of this one being malicious is small, but it is
best to diff the two before commit, even if QAT is angry at you. I'd
rather see a broken port for the short period of time it takes to do the
right thing than one that is malicious that slipped through the cracks.

-- WXS