Date: Tue, 04 Oct 2011 13:52:57 +0200 From: Gabor Kovesdan <gabor@FreeBSD.org> To: Doug Barton <dougb@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, Boris Samorodov <bsam@FreeBSD.org>, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/mail/imaptools distinfo Message-ID: <4E8AF399.1060601@FreeBSD.org> In-Reply-To: <4E8A0449.1020303@FreeBSD.org> References: <201110031305.p93D5K3x082695@repoman.freebsd.org> <4E8A0449.1020303@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2011.10.03. 20:51, Doug Barton wrote: > Confirming with the author is fine, but did you compare the old and new > distfiles yourself? If so, what changed? Don't take my comment personally, I just picked this particular mail to reply to. I have never understood why such issues have been taken so seriously. Imo, if the author confirms the change that should be enough. If we had audited the initial port and each new upgrade, a stricter check would make sense but we don't do that so the port can still have malicious code from earlier versions (e.g. irc/unreal did [1]). Verifying just one diff between two distfiles does not guarantee safe and sane code. Cheers, Gabor [1] http://forums.unrealircd.com/viewtopic.php?t=6562
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4E8AF399.1060601>