From owner-freebsd-ports  Thu Dec 14 10:14:43 2000
From owner-freebsd-ports@FreeBSD.ORG  Thu Dec 14 10:14:40 2000
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: freebsd-ports@freebsd.org
Received: from puck.firepipe.net (poynting.physics.purdue.edu [128.210.146.58])
	by hub.freebsd.org (Postfix) with ESMTP
	id C035337B698; Thu, 14 Dec 2000 10:14:40 -0800 (PST)
Received: by puck.firepipe.net (Postfix, from userid 1000)
	id 6EB0018DB; Thu, 14 Dec 2000 13:14:40 -0500 (EST)
Date: Thu, 14 Dec 2000 13:14:40 -0500
From: Will Andrews <will@physics.purdue.edu>
To: Kris Kennaway <kris@FreeBSD.org>
Cc: Will Andrews <will@physics.purdue.edu>,
	Warner Losh <imp@village.org>, Peter Pentchev <roam@FreeBSD.org>,
	ports@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: cvs commit: ports/databases/gigabase distinfo
Message-ID: <20001214131440.M1873@puck.firepipe.net>
Reply-To: Will Andrews <will@physics.purdue.edu>
Mail-Followup-To: Will Andrews <will@physics.purdue.edu>,
	Kris Kennaway <kris@FreeBSD.org>, Warner Losh <imp@village.org>,
	Peter Pentchev <roam@FreeBSD.org>, ports@FreeBSD.org,
	security-officer@FreeBSD.org
References: <20001214122157.G1873@puck.firepipe.net> <200012141225.eBECPn385434@freefall.freebsd.org> <20001214122157.G1873@puck.firepipe.net> <200012141726.KAA48452@harmony.village.org> <20001214124734.I1873@puck.firepipe.net> <20001214101146.A26851@citusc.usc.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20001214101146.A26851@citusc.usc.edu>; from kris@FreeBSD.org on Thu, Dec 14, 2000 at 10:11:46AM -0800
X-Operating-System: FreeBSD 4.2-STABLE i386
Sender: will@puck.firepipe.net
Sender: owner-freebsd-ports@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Dec 14, 2000 at 10:11:46AM -0800, Kris Kennaway wrote:
> We have to chase the checksum so the port still works. But we (the
> FreeBSD security community) need assurances that the change was benign
> and not a trojan introduced by a compromised server, and the ports
> community needs assurances that the software functionality has or has
> not changed significantly. Sure, it's bad release engineering for an
> author to do the latter, but it happens and we have to deal with it.

You're right.. not sure what I'm smoking.  :)
I guess I'm just really pissed at people who do this..

-- 
wca


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message