Date: Tue, 17 Feb 2004 15:21:43 +0000
From: Eivind Eklund <eivind@FreeBSD.org>
To: Michael Nottebrock <michaelnottebrock@gmx.net>
Cc: ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/devel/tmake Makefile distinfo
Message-ID: <20040217152143.GD3525@FreeBSD.org>
In-Reply-To: <200402171420.47274.michaelnottebrock@gmx.net>
References: <200402091336.i19Da8nQ019809@repoman.freebsd.org> <200402171404.30701.michaelnottebrock@gmx.net> <xzpr7wtn98t.fsf@dwp.des.no> <200402171420.47274.michaelnottebrock@gmx.net>

On Tue, Feb 17, 2004 at 02:20:46PM +0100, Michael Nottebrock wrote:
> On Tuesday 17 February 2004 14:09, Dag-Erling Smørgrav wrote:
> > When the checksum of a distfile changes, there is a considerable risk
> > that someone may have trojaned the distfile. As a port maintainer,
> > you are expected to verify that this is not the case before updating
> > the checksum in distinfo. You are also expected to summarize the
> > reason for the changed checksum in the commit message so that The Rest
> > Of Us[tm] can rest assured that you have indeed verified that the
> > distfile was not trojaned.
>
> I didn't know that I was supposed to perform a security audit and I did not do
> so. So if anyone happens to have the old distfile still around, please send
> it my way, cause I don't. I suggest next time instead of marking a port as
> BROKEN= Checksum mismatch, mark it as BROKEN= Needs security audit so I won't
> be tempted to fix it.

We should probably use FORBIDDEN instead of BROKEN for checksum
mismatches, and have a notice in the porter's handbook. This would make
it more obvious. I have no patch because I did not find any obvious
place to add it.

BROKEN=Needs security audit would say MUCH less to me than
BROKEN="Checksum mismatch". For me (probably because I've got a
background where I've been heavily security focused) "Checksum mismatch"
makes it obvious that somebody has changed the distfile in some
unspecified way, and we thus need a review of the changes. However,
"Needs security audit" screams "This code is utterly rotten and more or
less certainly contains security holes. We can't give it to the users
until all the code has been audited." which is quite different from "We
need to review a likely small diff".

Eivind.
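
One way to scope the "review of the changes" discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD ports tools: it compares an old and a new distfile member by member, so the reviewer sees which files were added, removed or changed. The function names and the sample archives are constructed for illustration.

```python
import hashlib
import io
import tarfile


def manifest(tar_bytes):
    """Map member name -> (type, permission bits, sha256 or link target)."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tf:
        for m in tf:
            if m.isfile():
                ident = hashlib.sha256(tf.extractfile(m).read()).hexdigest()
            else:
                ident = m.linkname  # link target; empty for directories
            out[m.name] = (m.type, m.mode & 0o7777, ident)
    return out


def compare_distfiles(old_bytes, new_bytes):
    """List the members a reviewer must read after a checksum mismatch."""
    old, new = manifest(old_bytes), manifest(new_bytes)
    common = old.keys() & new.keys()
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        # A changed member type (file -> symlink, say) counts as content.
        "content_changed": sorted(
            n for n in common
            if (old[n][0], old[n][2]) != (new[n][0], new[n][2])),
        # Permission changes (e.g. a new setuid bit) are reported separately.
        "mode_changed": sorted(n for n in common if old[n][1] != new[n][1]),
    }


def _make_tar(files):
    """Build a constructed sample .tar.gz from {name: (data, mode)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, (data, mode) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample inputs, not real distfiles.
OLD = _make_tar({"pkg-1.0/README": (b"docs\n", 0o644),
                 "pkg-1.0/configure": (b"#!/bin/sh\necho ok\n", 0o755)})
NEW = _make_tar({"pkg-1.0/README": (b"docs\n", 0o644),
                 "pkg-1.0/configure": (b"#!/bin/sh\necho ok\n# edited\n", 0o755),
                 "pkg-1.0/LICENSE": (b"new licence text\n", 0o644)})
```

Members reported as added or changed are the ones to diff by hand; this requires that a copy of the old distfile is still available, which is the problem raised in the quoted reply.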