Date: Sat, 15 Sep 2007 15:06:05 +0200 From: Simon Barner <barner@FreeBSD.org> To: Kris Kennaway <kris@FreeBSD.org> Cc: ports@freebsd.org, Luigi Rizzo <rizzo@icir.org> Subject: Re: any standard method to fetch a port's sources from svn (or cvs, etc) ? Message-ID: <20070915130605.GA1385@dose.local.invalid> In-Reply-To: <46E41795.3060304@FreeBSD.org> References: <20070909065432.A33424@xorpc.icir.org> <46E41795.3060304@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--sdtB3X0nJg68CQEu Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable > It is recommended not to do this. Some of our users are behind firewalls= =20 > and cannot fetch except via HTTP and FTP. Instead, you need to create yo= ur=20 > own tarball of the sources checked out from the VCS, possibly using a=20 > "helper" makefile target that fetches from VCS and creates the tarball fo= r=20 > republication by you on MASTER_SITE_LOCAL. Another arguments against fetching the source directly from a VCS are: - The build may be broken. - Security: Snapshots of the VCS have cryptographic checksums in distinfo (as every other 'normal' distfile has). Users of the port can thus be sure (at least with a probability of 1 - epsilon ;-) that they build the same sources as the port maintainer. --=20 Best regards / Viele Gr=FC=DFe, barner@FreeBSD.= org Simon Barner barner@gmx.de --sdtB3X0nJg68CQEu Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) iD8DBQFG69i9Ckn+/eutqCoRAk7iAKDM9wnJbNVx9lEUV0aP2RGO3bWulACfTMwM seLrXZPJO2i31fn/036/5HI= =Lnx2 -----END PGP SIGNATURE----- --sdtB3X0nJg68CQEu--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070915130605.GA1385>