From owner-svn-ports-all@freebsd.org  Mon Nov 25 06:37:10 2019
Return-Path: <owner-svn-ports-all@freebsd.org>
Delivered-To: svn-ports-all@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 3A8371CA445;
 Mon, 25 Nov 2019 06:37:10 +0000 (UTC)
 (envelope-from danfe@freebsd.org)
Received: from freefall.freebsd.org (freefall.freebsd.org [96.47.72.132])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (4096 bits) client-digest SHA256)
 (Client CN "freefall.freebsd.org",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 47Ly4k0kpJz41wc;
 Mon, 25 Nov 2019 06:37:10 +0000 (UTC)
 (envelope-from danfe@freebsd.org)
Received: by freefall.freebsd.org (Postfix, from userid 1033)
 id 125D09C6A; Mon, 25 Nov 2019 06:37:10 +0000 (UTC)
Date: Mon, 25 Nov 2019 06:37:10 +0000
From: Alexey Dokuchaev <danfe@freebsd.org>
To: Craig Leres <leres@freebsd.org>
Cc: Mathieu Arnold <mat@freebsd.org>, ports-committers@freebsd.org,
 svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: Re: svn commit: r518273 - head/comms/conserver-com
Message-ID: <20191125063709.GC84936@FreeBSD.org>
References: <201911232108.xANL825f004203@repo.freebsd.org>
 <20191123213729.3taj4chqdoc6vsyb@atuin.in.mat.cc>
 <af0d9e45-64d9-1290-3add-9b5c479940af@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <af0d9e45-64d9-1290-3add-9b5c479940af@freebsd.org>
User-Agent: Mutt/1.11.4 (2019-03-13)
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all/>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Nov 2019 06:37:10 -0000

On Sat, Nov 23, 2019 at 01:43:27PM -0800, Craig Leres wrote:
> On 2019-11-23 13:37, Mathieu Arnold wrote:
> > On Sat, Nov 23, 2019 at 09:08:02PM +0000, Craig Leres wrote:
> >> New Revision: 518273
> >> URL:https://svnweb.freebsd.org/changeset/ports/518273
> >>
> >> Log:
> >>    comms/conserver-com: Update distinfo and remove BROKEN
> > This seems to be missing the description of the changes between the two
> > distribution files.
> 
> Sorry. "Apparently github occasionally changes their software resulting
> in a change in the tarchive checksum. Update to reflect the current
> version."

The thing is, you are expected to obtain both versions of the distfile
and compare them, explicitly asserting in the commit log that there were
no malicious changes introduced (and it they were, notify the upstream,
other distros' package maintainers, users, and general public immediately).

This is documented in the PHB Section 13.18.

./danfe