Date:      Sun, 23 Oct 2011 18:50:38 -0700
From:      Doug Barton <dougb@FreeBSD.org>
To:        Eitan Adler <eadler@freebsd.org>
Cc:        Alexey Dokuchaev <danfe@freebsd.org>, samm@os2.kiev.ua, miwi@freebsd.org, cvs-all@freebsd.org, ports-committers@freebsd.org, cvs-ports@freebsd.org
Subject:   Re: cvs commit: ports/sysutils/smartmontools distinfo
Message-ID:  <4EA4C46E.6050704@FreeBSD.org>
In-Reply-To: <CAF6rxgkT-RHuMirGGhmRFJQQmw=1u4k70qHkF4pCrYu5bfgYEA@mail.gmail.com>
References:  <201110231316.p9NDGJRw009744@repoman.freebsd.org> <CABhnLuiB-g65Z18oEUmW6nPvtA46bsh0AAHx%2Bj%2B_MyewbGJF=g@mail.gmail.com> <CAF6rxgn8c7mm=cARn2a=qMkGkQD_jZrp9Z8uBYkUTWzTPF03kA@mail.gmail.com> <20111024005553.GB92862@FreeBSD.org> <CAF6rxgkT-RHuMirGGhmRFJQQmw=1u4k70qHkF4pCrYu5bfgYEA@mail.gmail.com>

On 10/23/2011 18:44, Eitan Adler wrote:
> 2011/10/23 Alexey Dokuchaev <danfe@freebsd.org>:
>> That's nice to know, but our bylaws require manual verification of the
>> contents of two distfiles when they change with no apparent reason (that is,
>> version stays the same) and presenting results in the commit log.
> 
> I checked the GPG signature of the file I downloaded. I was made aware
> that I should have included some indication of such in the commit log
> and will do so in the future.
> 
>> It (not doing so) had bitten us before, AFAIR.
> 
> As a security researcher who has found issues before in various open
> source projects, I fully understand the concern.

All that is great, but IMO still inadequate.

If the original 5.42 distfile is not available (and hopefully the
maintainer has it?), then comparing the new 5.42 to 5.41 would be a good
next step.


Doug

-- 

	Nothin' ever doesn't change, but nothin' changes much.
			-- OK Go

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/
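
Added example, not part of the original message or of the FreeBSD ports tooling: one way to do the distfile comparison suggested above, by hashing every file in two tarballs and listing what was added, removed, or changed. The helper names, file names, and contents are constructed for illustration; the leading directory is stripped so that a 5.41 tree lines up with a 5.42 tree.

```python
import hashlib
import io
import tarfile


def manifest(fileobj):
    """Map each regular file's path (top-level directory stripped) to its SHA-256."""
    digests = {}
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            # Drop the leading "name-version/" component so two releases line up.
            _, _, relpath = member.name.partition("/")
            # Read in memory; nothing from the unverified archive is unpacked to disk.
            data = tar.extractfile(member).read()
            digests[relpath or member.name] = hashlib.sha256(data).hexdigest()
    return digests


def compare(old, new):
    """Return (added, removed, changed) sorted path lists between two manifests."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = sorted(p for p in set(old) & set(new) if old[p] != new[p])
    return added, removed, changed


def make_tarball(topdir, files):
    """Build a constructed gzip tarball in memory (sample data, not a real distfile)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for path, content in files.items():
            info = tarfile.TarInfo(f"{topdir}/{path}")
            info.size = len(content)
            tar.addfile(info, io.BytesIO(content))
    buf.seek(0)
    return buf


# Constructed stand-ins for the original and the re-rolled distfile.
ORIGINAL = {"configure": b"#!/bin/sh\n", "smartd.cpp": b"int x;\n", "NEWS": b"5.42\n"}
REROLLED = {"configure": b"#!/bin/sh\n", "smartd.cpp": b"int y;\n", "ChangeLog": b"fix\n"}

if __name__ == "__main__":
    old = manifest(make_tarball("smartmontools-5.42", ORIGINAL))
    new = manifest(make_tarball("smartmontools-5.42", REROLLED))
    for label, paths in zip(("added", "removed", "changed"), compare(old, new)):
        print(label, paths)
```

With real distfiles, pass `open(path, "rb")` to `manifest()` and review each path in the "changed" list by hand before recording the result in the commit log.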



