From: Wesley Shields
To: Michael Scheidell
Cc: cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Date: Thu, 5 Apr 2012 14:52:09 -0400
Subject: Re: cvs commit: ports/www/gist Makefile distinfo
Message-ID: <20120405185209.GA4439@atarininja.org>

On Thu, Apr 05, 2012 at 10:32:47AM -0400, Michael Scheidell wrote:
>
>
> On 4/5/12 8:55 AM, Wesley Shields wrote:
> >> because size of distfile changed radically
> > Did you take a look at the differences between the old and new distfile?
> > We need to always be vigilant of distfiles changing out from under us
> > and carefully review the changes before we commit the update.
> >
> which is why I added that to the maintainers log.

What is the maintainers log? I don't see anything in the PR audit trail
about this, so you can't be talking about that.

> It was radically different, as you can see by the diffs for distinfo.
> 'distfile changing'? That was why the maintainer posted the pr,
> specifically with distfile changing.

How radically different? What was changed? Was it reviewed by you?

> I watch for (and won't take a pr for) a new-port that uses things like
> 'dropbox/' megaupload :-) or personal accounts (well, maybe
> people.freebsd.org).
> I have had people tell me they have to use a personal account because
> the tarball is not available, and they need to 'git' the source.

I agree with you, but that's not relevant here.

> I have had my ports pr's rejected by a maintainer/committer because the
> PATCH was in people.freebsd.org/~scheidell (and, pointing to the
> authoritative source as primary.. waiting for the primary source mirrors
> to catch up.)

OK, but also not relevant.

> in this case, what should I have done? new distfile is 40x the size of
> the original ? yeh, it's radically changed. no, the maintainer didn't
> say it was radically changed, I did.

When distfiles change it is normal for a committer to review what
changed between the old and new and at least note that in the commit
message. The whole point is to avoid blindly updating distinfo with
information from a trojaned copy.

Sadly with a 40x size increase it sounds like it may be a lot of review
work. A workaround is to ask upstream for confirmation that the distfile
was intentionally rerolled along with confirmation that the hash you
have is correct. Bonus points if they can point you to a changelog to go
along with the new distfile.

-- 
WXS
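
The review described in the message above (compare the old and new distfile before touching distinfo) can be scripted. The following is an added example, not part of the original message or of the ports tooling; the helper names and the in-memory sample tarballs are constructed for illustration.

```python
import hashlib
import io
import tarfile

def member_digests(tar_bytes):
    """Map every member of a tarball to a digest (files) or a type/link marker."""
    out = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for m in tar:
            if m.isfile():
                out[m.name] = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            else:
                # Directories, symlinks, devices: track type and link target too.
                out[m.name] = f"type={m.type.decode()} link={m.linkname}"
    return out

def summarize(tar_bytes):
    """The two values a distinfo entry records for a distfile."""
    return {"sha256": hashlib.sha256(tar_bytes).hexdigest(), "size": len(tar_bytes)}

def compare_distfiles(old_bytes, new_bytes):
    """Report what a committer needs to review before updating distinfo."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    return {
        "old": summarize(old_bytes),
        "new": summarize(new_bytes),
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(n for n in old.keys() & new.keys() if old[n] != new[n]),
    }

def make_tarball(files):
    """Build a constructed .tar.gz in memory from {name: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

# Constructed sample distfiles: same name upstream, different contents.
OLD = make_tarball({"pkg/gist.rb": b"puts 'v1'\n", "pkg/README": b"readme\n"})
NEW = make_tarball({"pkg/gist.rb": b"puts 'v2'\n", "pkg/README": b"readme\n",
                    "pkg/vendor/json.rb": b"# bundled library\n" * 500})

if __name__ == "__main__":
    report = compare_distfiles(OLD, NEW)
    for key in ("old", "new", "added", "removed", "changed"):
        print(f"{key:8} {report[key]}")
```

With real distfiles, read the saved old copy and the freshly fetched one from disk and pass their bytes to `compare_distfiles`; the "added" and "changed" lists are the files to read, and the new SHA256 is the value to have upstream confirm.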