Date: Sun, 23 Oct 2011 21:44:47 -0400
From: Eitan Adler <eadler@freebsd.org>
To: Alexey Dokuchaev <danfe@freebsd.org>
Cc: cvs-ports@freebsd.org, ports-committers@freebsd.org, cvs-all@freebsd.org, miwi@freebsd.org
Subject: Re: cvs commit: ports/sysutils/smartmontools distinfo
Message-ID: <CAF6rxgkT-RHuMirGGhmRFJQQmw=1u4k70qHkF4pCrYu5bfgYEA@mail.gmail.com>
In-Reply-To: <20111024005553.GB92862@FreeBSD.org>
References: <201110231316.p9NDGJRw009744@repoman.freebsd.org> <CABhnLuiB-g65Z18oEUmW6nPvtA46bsh0AAHx%2Bj%2B_MyewbGJF=g@mail.gmail.com> <CAF6rxgn8c7mm=cARn2a=qMkGkQD_jZrp9Z8uBYkUTWzTPF03kA@mail.gmail.com> <20111024005553.GB92862@FreeBSD.org>

2011/10/23 Alexey Dokuchaev <danfe@freebsd.org>:
> That's nice to know, but our bylaws require manual verification of the
> contents of two distfiles when they change with no apparent reason (that is,
> version stays the same) and presenting results in the commit log.

I checked the GPG signature of the file I downloaded. I was made aware
that I should have included some indication of such in the commit log
and will do so in the future.

> It (not doing so) had bitten us before, ARAIR.

As a security researcher who has found issues before in various open
source projects, I fully understand the concern.

-- 
Eitan Adler
Ports committer
X11, Bugbusting teams