Date: Fri, 18 Dec 2009 13:43:20 +0100
From: Dominic Fandrey <kamikaze@bsdforen.de>
To: Mark Linimon <linimon@lonesome.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: ioquake3 support more platforms
Message-ID: <4B2B78E8.7060106@bsdforen.de>
In-Reply-To: <20091218122126.GB1954@lonesome.com>
References: <4B2A52DB.5020602@bsdforen.de> <20091218065728.GC29158@lonesome.com> <4B2B681A.1090908@bsdforen.de> <20091218122126.GB1954@lonesome.com>

Mark Linimon wrote:
> On Fri, Dec 18, 2009 at 12:31:38PM +0100, Dominic Fandrey wrote:
>> But that's not different for any port. E.g. sysutils/bsdadminscripts is
>> all mine, I create the distfiles and maintain the port, there is no
>> guarantee that I don't do evil apart from me being quite certain that
>> I don't.
>
> Sure there is. That's why we have ports committers. They are supposed
> to audit the changes to the port to make sure that the changes are safe.
> In particular, I expect that they check that the changes are not so
> extensive that they indicate the distributing system has been hacked.

Are committers really supposed to read the code? I find that highly
improbable, even for my shell scripts that only consist of a couple
KBs of code.

>
>> Why can one assume that an ioquake release is safe? One really cannot.
>> It's made by the same people who maintain the non-trustworthy SVN.
>
> There's no such check as the above possible with checkouts from a source
> control system. You get whatever is on that box at time T.

And I'm checking what those changes are to keep this stuff running on
FreeBSD. The ioquake3 project doesn't hand commit rights to everyone.

Look at the e17 ports. Someone takes SVN snapshots, fixes them up for
FreeBSD and bundles them as distfiles. It's exactly the same process
I use for ioquake3, but no one thinks the ports are untrustworthy.

>> Also it's a -devel port. That kinda screams "At your own risk" right
>> into your face.
>
> And NO_PACKAGES would further guarantee it.

I don't see that. But I see a lot of disadvantages. E.g. ioquake
releases only occur every couple of years. Long before the next release
occurs it might not make sense to maintain the last release, because it's
simply depending on a lot of outdated infrastructure.

Regards