From owner-freebsd-ports-bugs@FreeBSD.ORG Tue Apr 29 10:53:17 2003 Return-Path: Delivered-To: freebsd-ports-bugs@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E2A6937B40B; Tue, 29 Apr 2003 10:53:17 -0700 (PDT) Received: from gerweck.dyndns.org (adsl-64-161-25-0.dsl.sntc01.pacbell.net [64.161.25.0]) by mx1.FreeBSD.org (Postfix) with ESMTP id F3AA643F93; Tue, 29 Apr 2003 10:53:16 -0700 (PDT) (envelope-from andy@tacnode.com) Received: from tacnode.com (fuzzy.eville [192.168.111.21]) (authenticated bits=0) by gerweck.dyndns.org (8.12.6p2/8.12.6) with ESMTP id h3THrG1p019023 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 29 Apr 2003 10:53:16 -0700 (PDT) (envelope-from andy@tacnode.com) Message-ID: <3EAEBC11.6050203@tacnode.com> Date: Tue, 29 Apr 2003 10:53:21 -0700 From: Andy Gerweck User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.3) Gecko/20030312 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Peter Pentchev References: <200302281426.h1SEQtLD063358@freefall.freebsd.org> In-Reply-To: <200302281426.h1SEQtLD063358@freefall.freebsd.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit cc: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/48352: JavaCC port updated for new distfiles. X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 29 Apr 2003 17:53:18 -0000 Were you planning on committing this change? Like I said, the port is useless without the updated checksum. Any risk of trojan should be obvious to the user who has to go and manually fetch the distribution files from WebGain. Thanks, Andy Gerweck Peter Pentchev wrote: > Synopsis: JavaCC port updated for new distfiles. > > State-Changed-From-To: open->feedback > State-Changed-By: roam > State-Changed-When: Fri Feb 28 06:23:56 PST 2003 > State-Changed-Why: > Do you know what exactly changed in the distfile? Would you happen to > keep a copy of the old distfile, and if so, could you run a 'diff' or > something to find out what exactly changed? > > The MD5 checksum mechanism is there for a reason: there have been many > cases in the past years of intruders modifying distribution files to add > Trojans; it would benicegood to know exactly what the changes are before > bldndly updating the checksum :) > > > Responsible-Changed-From-To: freebsd-ports-bugs->roam > Responsible-Changed-By: roam > Responsible-Changed-When: Fri Feb 28 06:23:56 PST 2003 > Responsible-Changed-Why: > I'll take care of this one. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=48352