Date: Mon, 26 May 2014 22:00:47 +0200
From: Bartłomiej Rutkowski <r@robakdesign.com>
To: marino@freebsd.org
Cc: ports@robakdesign.com, freebsd-python@FreeBSD.org
Subject: Re: ports/189666: devel/py-demjson: unfetchable due to rerolled tarball
Message-ID: <FD39A570-A261-45FA-B98D-A31E9316C9DD@robakdesign.com>
In-Reply-To: <53839C13.4040405@marino.st>
References: <201405260846.s4Q8kUdC079970@freefall.freebsd.org> <C6C210C7-53CE-4185-8624-CE3737598A4F@robakdesign.com> <53839C13.4040405@marino.st>

Message written by John Marino <freebsd.contact@marino.st> on 26 May 2014, at 21:54:

> On 5/26/2014 21:36, Bartłomiej Rutkowski wrote:
>> I've just mailed the upstream, explaining the situation and
>> suggesting releasing such changes as minor version numbers, like
>> 2.0.1 or something similar. We'll see what response, if any, I will
>> receive, but for now, please patch the port with the new distinfo you've
>> proposed. If this happens again and we won't get any answer by that
>> time, we'll consider hosting the distfiles or removing the port.
>
> Hi Bartek,
> The issue is that I can't blindly update the distinfo. Somebody (almost
> always the maintainer) has to "diff" the original version and the new
> version and evaluate exactly what changed and if it's malicious.
>
> I already got chewed out last week for not verifying this personally,
> but I generally trust the maintainer if he/she said he did this. Have
> you actually looked inside the new tarball?
>
> Thanks,
> John

John,

Actually, this hasn't crossed my mind, that the distfiles could not have
been simply re-released due to malicious activity, and I only thought this
was because of bad practice, so I haven't actually looked into the
tarball, but instead only checked if it builds correctly on all
supported system versions. I am well aware of the possible danger and
consequences, but it just hasn't lit the red light in my head this
time, sorry!

The author already replied to me, and I am in the process of figuring out
what's going on - I'll update you as soon as I know anything.

Kind regards,
Bartek Rutkowski
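
The member-by-member comparison of the original and rerolled tarball that the quoted reply asks for, as an added example that is not part of the original message or of the FreeBSD ports tooling. The function names, file names and file contents are hypothetical and the two archives are constructed in memory; nothing is extracted to disk or executed.

```python
import hashlib
import io
import tarfile

def member_digests(tar_bytes):
    """Map member name -> (type, mode, sha256), reading in memory without extracting."""
    members = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar:
            # Regular files hash their content; links hash their target; dirs hash b"".
            payload = tar.extractfile(m).read() if m.isfile() else m.linkname.encode()
            members[m.name] = (m.type, m.mode, hashlib.sha256(payload).hexdigest())
    return members

def diff_tarballs(old_bytes, new_bytes):
    """Report which members were added, removed, or changed (content, type or mode)."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

def build_tarball(files):
    """Helper for the constructed sample: build a .tar.gz from {name: (data, mode)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (data, mode) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), mode
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample input: hypothetical file names and contents, not the real distfile.
ORIGINAL = build_tarball({
    "pkg-1.0/module.py": (b"VERSION = '1.0'\n", 0o644),
    "pkg-1.0/setup.py": (b"from distutils.core import setup\n", 0o644),
    "pkg-1.0/README": (b"docs\n", 0o644),
})
REROLLED = build_tarball({
    "pkg-1.0/module.py": (b"VERSION = '1.0'\nimport os\n", 0o644),  # content changed
    "pkg-1.0/setup.py": (b"from distutils.core import setup\n", 0o755),  # mode changed
    "pkg-1.0/post_install.py": (b"print('new file')\n", 0o644),  # added
})

if __name__ == "__main__":
    for kind, names in diff_tarballs(ORIGINAL, REROLLED).items():
        print(kind, names)
```

Every name listed under "added" or "changed" still has to be read by a person; the script only narrows down where to look.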