From owner-cvs-ports@FreeBSD.ORG Tue Feb 17 05:20:52 2004 Return-Path: Delivered-To: cvs-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C193616A4CE; Tue, 17 Feb 2004 05:20:52 -0800 (PST) Received: from meitner.wh.uni-dortmund.de (meitner.wh.uni-dortmund.de [129.217.129.133]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6002443D3F; Tue, 17 Feb 2004 05:20:52 -0800 (PST) (envelope-from michaelnottebrock@gmx.net) Received: from lofi.dyndns.org (pc2-105.intern.meitner [10.3.12.105]) by meitner.wh.uni-dortmund.de (Postfix) with ESMTP id 6F8A7167522; Tue, 17 Feb 2004 14:20:51 +0100 (CET) Received: from localhost.invalid (kiste.my.domain [192.168.8.4]) (authenticated bits=0) by lofi.dyndns.org (8.12.10/8.12.10) with ESMTP id i1HDKlHU021929 (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO); Tue, 17 Feb 2004 14:20:47 +0100 (CET) (envelope-from michaelnottebrock@gmx.net) From: Michael Nottebrock To: des@des.no (Dag-Erling =?iso-8859-1?q?Sm=F8rgrav?=) Date: Tue, 17 Feb 2004 14:20:46 +0100 User-Agent: KMail/1.6 References: <200402091336.i19Da8nQ019809@repoman.freebsd.org> <200402171404.30701.michaelnottebrock@gmx.net> In-Reply-To: MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg=pgp-sha1; boundary="Boundary-02=_vUhMAiGjiDz4qQi"; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Message-Id: <200402171420.47274.michaelnottebrock@gmx.net> X-Virus-Scanned: by amavisd-new cc: cvs-ports@FreeBSD.org cc: ports-committers@FreeBSD.org cc: Michael Nottebrock cc: cvs-all@FreeBSD.org cc: Kris Kennaway Subject: Re: cvs commit: ports/devel/tmake Makefile distinfo X-BeenThere: cvs-ports@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: CVS commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 17 Feb 2004 13:20:53 -0000 --Boundary-02=_vUhMAiGjiDz4qQi Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Tuesday 17 February 2004 14:09, Dag-Erling Sm=F8rgrav wrote: > Michael Nottebrock writes: > > On Tuesday 17 February 2004 13:49, Kris Kennaway wrote: > > > On Mon, Feb 09, 2004 at 02:07:32PM -0800, Kris Kennaway wrote: > > > > On Mon, Feb 09, 2004 at 05:36:08AM -0800, Michael Nottebrock wrote: > > > > > Log: > > > > > Fix distinfo, SIZEify. > > > > > > > > You forgot to summarize what changed. > > > > > > I didn't see a followup to this. > > > > I have no idea what you expect me to write. > > When the checksum of a distfile changes, there is a considerable risk > that someone may have trojaned the distfile. As a port maintainer, > you are exptected to verify that this is not the case before updating > the checksum in distinfo. You are also expected to summarize the > reason for the changed checksum in the commit message so that The Rest > Of Us[tm] can rest assured that you have indeed verified that the > distfile was not trojaned. I didn't know that I was supposed to perform a security audit and I did not= do=20 so. So if anyone happens to have the old distfile still around, please send= =20 it my way, cause I don't. I suggest next time instead of marking a port as= =20 BROKEN=3D Checksum mismatch, mark it as BROKEN=3D Needs security audit so I= won't=20 be tempted to fix it. =2D-=20 ,_, | Michael Nottebrock | lofi@freebsd.org (/^ ^\) | FreeBSD - The Power to Serve | http://www.freebsd.org \u/ | K Desktop Environment on FreeBSD | http://freebsd.kde.org --Boundary-02=_vUhMAiGjiDz4qQi Content-Type: application/pgp-signature Content-Description: signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQBAMhUvXhc68WspdLARAnPSAKCAtb2goFx2SZH49kLV5+Glbjtl2gCggllE Z3wSsWJ+mCSb5F91C69PHxk= =3WG4 -----END PGP SIGNATURE----- --Boundary-02=_vUhMAiGjiDz4qQi--