Date: Mon, 3 Jun 2013 22:57:16 +0200 From: Eitan Adler <eadler@freebsd.org> To: Tom Rhodes <trhodes@freebsd.org> Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, ports-committers@freebsd.org, Bryan Drewery <bdrewery@freebsd.org> Subject: Re: svn commit: r319792 - head/sysutils/fsc Message-ID: <CAF6rxg=%2B9F_Ws0n7igJ9dKG6r4KB_xOqTtYOHqVngstw6iXizg@mail.gmail.com> In-Reply-To: <20130603155106.7f3e5826.trhodes@FreeBSD.org> References: <201306031632.r53GWPdP069628@svn.freebsd.org> <51ACC994.4060608@FreeBSD.org> <20130603133012.114c2ae7.trhodes@FreeBSD.org> <51ACDC95.4060600@FreeBSD.org> <20130603155106.7f3e5826.trhodes@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3 June 2013 21:51, Tom Rhodes <trhodes@freebsd.org> wrote: > I am a ports committer, sorry I forgot about this - considering I > commit to this area rarely. So you can remind me about the rule, > link to relevant documention, and I will remember for the future > or "fix" the issue. No attitude needed. Rerolling upstreams causes problems for downstream users - the ports system caches distfiles and requires manual intervention if a new file of the same name needs to be downloaded - checksums are used to verify the integrity of files downloaded. It is possible (and has actually happened) that someone will upload a malicious version of an otherwise legit project. While we would prefer checking in every case we are especially careful when an upstream project seems changed. In this case you are both the upstream and the downstream so the latter is less of an issue, but consider other projects that may be a downstream user (i.e., DragonflyBSD or others). -- Eitan Adler Source, Ports, Doc committer Bugmeister, Ports Security teams
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAF6rxg=%2B9F_Ws0n7igJ9dKG6r4KB_xOqTtYOHqVngstw6iXizg>