Date: Tue, 29 Apr 2003 10:53:21 -0700 From: Andy Gerweck <andy@tacnode.com> To: Peter Pentchev <roam@FreeBSD.org> Cc: freebsd-ports-bugs@FreeBSD.org Subject: Re: ports/48352: JavaCC port updated for new distfiles. Message-ID: <3EAEBC11.6050203@tacnode.com> In-Reply-To: <200302281426.h1SEQtLD063358@freefall.freebsd.org> References: <200302281426.h1SEQtLD063358@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Were you planning on committing this change? Like I said, the port is useless without the updated checksum. Any risk of trojan should be obvious to the user who has to go and manually fetch the distribution files from WebGain. Thanks, Andy Gerweck Peter Pentchev wrote: > Synopsis: JavaCC port updated for new distfiles. > > State-Changed-From-To: open->feedback > State-Changed-By: roam > State-Changed-When: Fri Feb 28 06:23:56 PST 2003 > State-Changed-Why: > Do you know what exactly changed in the distfile? Would you happen to > keep a copy of the old distfile, and if so, could you run a 'diff' or > something to find out what exactly changed? > > The MD5 checksum mechanism is there for a reason: there have been many > cases in the past years of intruders modifying distribution files to add > Trojans; it would benicegood to know exactly what the changes are before > bldndly updating the checksum :) > > > Responsible-Changed-From-To: freebsd-ports-bugs->roam > Responsible-Changed-By: roam > Responsible-Changed-When: Fri Feb 28 06:23:56 PST 2003 > Responsible-Changed-Why: > I'll take care of this one. > > http://www.freebsd.org/cgi/query-pr.cgi?pr=48352
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3EAEBC11.6050203>