Date:      Fri, 3 Jul 2015 23:15:07 +0000
From:      "Sergey A. Osokin" <osa@FreeBSD.org>
To:        Kubilay Kocak <koobs@FreeBSD.org>
Cc:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   Re: svn commit: r391254 - in head/www: nginx nginx-devel
Message-ID:  <20150703231507.GC24716@FreeBSD.org>
In-Reply-To: <5596CE3C.5000801@FreeBSD.org>
References:  <201507031644.t63GixME014247@repo.freebsd.org> <20150703172909.GB24716@FreeBSD.org> <5596CE3C.5000801@FreeBSD.org>

On Sat, Jul 04, 2015 at 04:02:36AM +1000, Kubilay Kocak wrote:
> On 4/07/2015 3:29 AM, Sergey A. Osokin wrote:
> > Dear Kubilay,
> > 
> > I didn't approve this change, so, I have at least two questions here:
> 
> I believe the tag was moved 11 days ago and the issue (PR) created 7
> days ago. A number of users had reported the issue today as ongoing,
> which is when I found the bugzilla issue. I had assumed you weren't
> otherwise available and wanted to help.

Have you asked those users to add "+1" to PR 201129?

> > 1. have you checked what actually has been changed?  Is there any chance to see 
> >    the diff between old distro and new one?
> 
> I did not, I considered it the same as I would have a normal version
> bump of a module, except in this case the distinfo checksum mismatch was
> caused by upstream moving a tag, not a maintainer forgetting to run makesum.

Well, I don't think that this is a good idea to commit every change to the "super popular
software packages", what I've heard in the PR.

The size/SHA256 mismatch in the third-party headers_more module has probably been acquired
because of the module author's mistake (but I think he thought he did his best): he's
changed something in the source code after the creation of the release tag.

Another version, a bit paranoid, but anyway: somebody hacked a GitHub account, committed
a trojan, re-created the tag and Kubilay added that trojan into the FreeBSD ports tree.
Actually this is why I'm asking you to show the changes between versions.

From my point of view, I'd highly recommend asking the module's author about the change,
and creating a new release with that change.

> I don't know how to see how/where a tag was moved between commits, so as
> to derive a changeset.
> 
> It would be nice to know if there is a way.
> 
> > 2. the third-party headers_more undefined by default, so PORTREVISION bump
> >    isn't necessary in this case.
> 
> Understood. I had originally thought that since the distinfo was
> packaged, and that the contents was changing, that it may have been
> required.

-- 
Sergey A. Osokin
osa@FreeBSD.org
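
The check asked for in this message (seeing what changed between the old distfile and the re-rolled one before accepting a new distinfo checksum), as an added example that is not part of the original e-mail or of the ports framework. It assumes both tarballs are still available (for example the old one from a distfile mirror) and that each has a single root directory whose name may differ; the archive names and contents below are constructed sample data.

```python
import hashlib
import io
import tarfile

def member_digests(tar_bytes):
    """Map each regular file's path (root directory stripped) to its SHA256."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Assumption: one root directory per archive, possibly named
            # differently in each download, so compare the paths below it.
            rel = member.name.split("/", 1)[-1]
            data = tar.extractfile(member).read()
            digests[rel] = hashlib.sha256(data).hexdigest()
    return digests

def compare_distfiles(old_bytes, new_bytes):
    """Return (added, removed, changed) file lists between two distfiles."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, changed

def build_tar(root, files):
    """Build a constructed .tar.gz in memory (sample input for this example)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{root}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed sample data: the same tag fetched before and after it was moved.
OLD = build_tar("module-abc1234", {"config": b"v1\n", "src/filter.c": b"int a;\n"})
NEW = build_tar("module-def5678", {"config": b"v1\n", "src/filter.c": b"int a, b;\n",
                                   "src/extra.c": b"int c;\n"})

if __name__ == "__main__":
    added, removed, changed = compare_distfiles(OLD, NEW)
    for label, paths in (("added", added), ("removed", removed), ("changed", changed)):
        for p in paths:
            print(f"{label}: {p}")
```

The files reported as added or changed are the ones to read line by line (for instance with `diff -ru` on the two extracted trees) before the new checksum is committed.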


