From owner-cvs-all@FreeBSD.ORG Wed Jun 2 07:56:08 2010 Return-Path: Delivered-To: cvs-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E64B5106566C; Wed, 2 Jun 2010 07:56:08 +0000 (UTC) (envelope-from peterjeremy@acm.org) Received: from mail16.syd.optusnet.com.au (mail16.syd.optusnet.com.au [211.29.132.197]) by mx1.freebsd.org (Postfix) with ESMTP id 6F68F8FC0C; Wed, 2 Jun 2010 07:56:07 +0000 (UTC) Received: from server.vk2pj.dyndns.org (c211-30-160-13.mirnd2.nsw.optusnet.com.au [211.30.160.13] (may be forged)) by mail16.syd.optusnet.com.au (8.13.1/8.13.1) with ESMTP id o527u1Lg015085 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Wed, 2 Jun 2010 17:56:03 +1000 X-Bogosity: Ham, spamicity=0.000000 Received: from server.vk2pj.dyndns.org (localhost.vk2pj.dyndns.org [127.0.0.1]) by server.vk2pj.dyndns.org (8.14.4/8.14.4) with ESMTP id o527txjW041830; Wed, 2 Jun 2010 17:55:59 +1000 (EST) (envelope-from peter@server.vk2pj.dyndns.org) Received: (from peter@localhost) by server.vk2pj.dyndns.org (8.14.4/8.14.4/Submit) id o527twCL041829; Wed, 2 Jun 2010 17:55:58 +1000 (EST) (envelope-from peter) Date: Wed, 2 Jun 2010 17:55:58 +1000 From: Peter Jeremy To: Sylvio =?iso-8859-1?Q?C=E9sar?= Message-ID: <20100602075558.GB41763@server.vk2pj.dyndns.org> References: <201005291622.o4TGML6m063089@repoman.freebsd.org> <20100529203638.GA56806@FreeBSD.org> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="xXmbgvnjoT4axfJE" Content-Disposition: inline In-Reply-To: X-PGP-Key: http://members.optusnet.com.au/peterjeremy/pubkey.asc User-Agent: Mutt/1.5.20 (2009-06-14) Cc: cvs-ports@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org Subject: Re: cvs commit: ports/math/dislin distinfo-6.0 distinfo-7.0 pkg-plist X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: **OBSOLETE** CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 02 Jun 2010 07:56:09 -0000 --xXmbgvnjoT4axfJE Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On 2010-May-29 19:38:20 -0300, Sylvio C=E9sar wrote: >2010/5/29 Alexey Dokuchaev : >> On Sat, May 29, 2010 at 04:22:21PM +0000, Sylvio Cesar Teixeira wrote: >>> sylvio =A0 =A0 =A02010-05-29 16:22:21 UTC >>> >>> =A0 FreeBSD ports repository >>> >>> =A0 Modified files: >>> =A0 =A0 math/dislin =A0 =A0 =A0 =A0 =A0distinfo-6.0 distinfo-7.0 pkg-pl= ist >>> =A0 Log: >>> =A0 - Tarball rerolled >> >> I've noticed several commits similar to this one about with port; which >> brings us to the following questions: >> >> - Did you verified the changes? > >Yes, the pkg-plist update too to this port. I think you may have misunderstood the issue. The Project's concern with rerolled distfiles is that they may contain unuathorised (and potentially malicious) changes to the content. In order to guard against that, it is expected that before committing an update to the distinfo file, the committer will diff both the old and new distfiles and verify that any changes are not harmful. --=20 Peter Jeremy --xXmbgvnjoT4axfJE Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (FreeBSD) iEYEARECAAYFAkwGDo4ACgkQ/opHv/APuIcJ6ACcC3nOUxUEuwk8YPGeCcvHfhY/ 7vcAn3O+NcEOYFkzYtRmfQ1+QvoG8J54 =mDg/ -----END PGP SIGNATURE----- --xXmbgvnjoT4axfJE--