Date: Tue, 30 Jan 2007 10:44:12 +0100
From: Kirill Ponomarew
To: Jason Harris
Message-ID: <20070130094412.GF56322@voodoo.bawue.com>
In-Reply-To: <20070130005242.GA1059@wilma.widomaker.com>
Cc: secteam@FreeBSD.org, cvs-ports@FreeBSD.org, Gabor Kovesdan, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject: Re: cvs commit: ports/audio/gnump3d Makefile distinfo ports/devel/bglibs Makefile ports/devel/cppi Makefile ports/devel/cvsd Makefile ports/dns/walker Makefile distinfo ports/ftp/lftp Makefile distinfo ports/ftp/twoftpd Makefile ...

On Mon, Jan 29, 2007 at 07:52:42PM -0500, Jason Harris wrote:
> On Mon, Jan 29, 2007 at 07:05:07PM +0000, Gabor Kovesdan wrote:
> > gabor 2007-01-29 19:05:07 UTC
> >
> > FreeBSD ports repository
> >
> > Modified files:
> >
> > Log:
> > Remove USE_GPG from all affected ports. This knob is a no-op and the way it
> > was supposed to work is useless, because if we can't trust the distfile from
> > the remote machine, we can't trust the signature from the same machine either.
> > Our MD5 and SHA256 are good for checking both the sanity and the
> > trustiness of distfiles.
> >
> > Approved by: portmgr (erwin), erwin (mentor)
>
> Please revert this.
>
> And, more importantly, please respect MAINTAINERs' wishes to make
> their ports more secure, by allowing the _automatic_ checking of
> GPG signatures as a first line of defense, rather than less secure.

This "_automatic_ checking of GPG signatures" never worked and doesn't
work since no code was put into bsd.port.mk.

IIRC, we (portmgr) discussed the concerns about USE_GPG some years ago
and declined this idea per se.

-Kirill
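
The distinfo check that the quoted commit log relies on, sketched as an added example (not code from bsd.port.mk or from anyone in this thread). It assumes the `ALGO (filename) = value` line format of ports distinfo files; the function names and the sample distfile are constructed for illustration.

```python
import hashlib
import re

# distinfo line format (assumed): "ALGO (filename) = value"
_ENTRY = re.compile(r"^(MD5|SHA256|SIZE) \(([^)]+)\) = (\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": hex, "SIZE": "n", ...}} from distinfo text."""
    entries = {}
    for line in text.splitlines():
        m = _ENTRY.match(line.strip())
        if m:
            algo, name, value = m.groups()
            entries.setdefault(name, {})[algo] = value
    return entries


def verify_distfile(name, data, distinfo):
    """Check fetched bytes against the values pinned in the ports tree.

    Returns (ok, reason). The pinned values travel with the ports tree,
    not with the mirror that served the distfile. A file with no SHA256
    entry is rejected rather than accepted unchecked; MD5 entries are
    parsed but only SIZE and SHA256 are compared here.
    """
    pinned = distinfo.get(name)
    if not pinned or "SHA256" not in pinned:
        return False, "no SHA256 entry"
    if "SIZE" in pinned and int(pinned["SIZE"]) != len(data):
        return False, "size mismatch"
    if hashlib.sha256(data).hexdigest() != pinned["SHA256"].lower():
        return False, "SHA256 mismatch"
    return True, "ok"


# Constructed sample: a stand-in distfile and the distinfo recorded for it.
GOOD = b"constructed example tarball contents\n"
DISTINFO = "SHA256 (example-1.0.tar.gz) = %s\nSIZE (example-1.0.tar.gz) = %d\n" % (
    hashlib.sha256(GOOD).hexdigest(), len(GOOD))

if __name__ == "__main__":
    info = parse_distinfo(DISTINFO)
    same_size_tamper = GOOD.replace(b"example", b"EXAMPLE")
    print(verify_distfile("example-1.0.tar.gz", GOOD, info))
    print(verify_distfile("example-1.0.tar.gz", same_size_tamper, info))
    print(verify_distfile("example-1.0.tar.gz", GOOD[:-1], info))
    print(verify_distfile("unlisted.tar.gz", GOOD, info))
```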