Date: Fri, 9 Jun 2000 17:21:20 -0400 (EDT) From: Brian Fundakowski Feldman <green@FreeBSD.org> To: "David E. O'Brien" <obrien@FreeBSD.org> Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: ports/comms/minicom/files md5 Message-ID: <Pine.BSF.4.21.0006091716370.59266-100000@green.dyndns.org> In-Reply-To: <200006091911.MAA57180@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 9 Jun 2000, David E. O'Brien wrote: > obrien 2000/06/09 12:11:03 PDT > > Modified files: > comms/minicom/files md5 > Log: > Revert to rev 1.8 -- which breaks this port again. > I don't know exactly what changed in the distfile. To generate the new > checksum I did ``make distclean makesum''. So I don't have the old distfiles > around to check. I did verify that the new distfiles does compile and the > resulting binary runs. But I guess that is not suffient today. Is a diff from the previously released (minor - 1) version unreasonable? Not a sarcastic or biting question, just frankly, is it too much to be able to check? The diffing-to-find-what-makes-an-md5-change practice is a good thing, but how good is it really when the MD5 from a new version is generated and we act on blind trust? That happens more often than bouncing md5 hashes, so isn't there even _more_ of a chance of a trojan coming in? The whole thing just gives me the willies... that and trusting your CVSup streams... -- Brian Fundakowski Feldman \ FreeBSD: The Power to Serve! / green@FreeBSD.org `------------------------------' To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0006091716370.59266-100000>