Date: Sun, 16 Jul 2000 18:11:38 +0200
From: Jeroen Ruigrok van der Werven <jruigrok@via-net-works.nl>
To: Will Andrews <andrews@technologist.com>
Cc: Hajimu UMEMOTO <ume@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: ports/sysutils/gkrellm/files md5
Message-ID: <20000716181138.A57307@lucifer.bart.nl>
In-Reply-To: <20000716112616.A535@argon.gryphonsoft.com>; from andrews@technologist.com on Sun, Jul 16, 2000 at 11:26:16AM -0400
References: <200007161421.HAA35971@freefall.freebsd.org> <20000716170202.C57042@lucifer.bart.nl> <20000716112616.A535@argon.gryphonsoft.com>

-On [20000716 17:30], Will Andrews (andrews@technologist.com) wrote:
>On Sun, Jul 16, 2000 at 05:02:02PM +0200, Jeroen Ruigrok van der Werven wrote:
>> The security officers would like to know what exactly changed between
>> the one version and the other. For all we know it could've been
>> trojaned.
>
>The problem with this is that we don't check new-versioned distfiles for
>trojans either. As we've discussed previously, "all or no security
>auditing, there's little point in anything in between".

I can somewhat agree to that.

We don't check new versioned distfiles, but to change the md5 on an
existing port blindly seems rather silly. Simply because something
changed to the distfile. This is an indication for the maintainer to
become suspicious.

That's my point.

--
Jeroen Ruigrok van der Werven          Network- and systemadministrator
<jruigrok@via-net-works.nl>            VIA Net.Works The Netherlands
BSD: Technical excellence at its best  http://www.via-net-works.nl
I think, therefore I am...

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
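
Added example, not part of the original message and not FreeBSD ports code: one way to answer "what exactly changed" when a distfile with an unchanged version number no longer matches its recorded checksum, by comparing the old and new archives member by member. The function names, the example-1.0 file names and both sample tarballs are constructed for illustration.

```python
import hashlib
import io
import tarfile

def member_fingerprints(tar_bytes):
    """Map each archive member to (type, mode, sha256-or-link-target), read in memory only."""
    result = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar:
            if m.isfile():
                detail = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            else:
                detail = m.linkname  # empty for directories, target for links
            result[m.name] = (m.type, m.mode, detail)
    return result

def compare_distfiles(old_bytes, new_bytes):
    """Report which members were added, removed or changed between two tarballs."""
    old, new = member_fingerprints(old_bytes), member_fingerprints(new_bytes)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

def build_tar(files):
    """Build a gzip-compressed tarball in memory from {name: bytes} (sample input only)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample: the same version number, re-rolled upstream with different contents.
OLD_FILES = {
    "example-1.0/README": b"Example 1.0\n",
    "example-1.0/NEWS": b"Initial release\n",
    "example-1.0/main.c": b"int main(void) { return 0; }\n",
}
NEW_FILES = {
    "example-1.0/README": b"Example 1.0\n",
    "example-1.0/main.c": b"int main(void) { return 1; }\n",
    "example-1.0/extra.sh": b"#!/bin/sh\n",
}
OLD, NEW = build_tar(OLD_FILES), build_tar(NEW_FILES)

if __name__ == "__main__":
    for kind, names in compare_distfiles(OLD, NEW).items():
        print(kind, names)
```

An empty report for two archives whose whole-file checksums differ means only the packaging changed (compression or archive metadata not covered here, such as timestamps); anything listed is what the maintainer would read before updating the recorded checksum.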