Date: Mon, 25 Nov 2019 06:37:10 +0000 From: Alexey Dokuchaev <danfe@freebsd.org> To: Craig Leres <leres@freebsd.org> Cc: Mathieu Arnold <mat@freebsd.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r518273 - head/comms/conserver-com Message-ID: <20191125063709.GC84936@FreeBSD.org> In-Reply-To: <af0d9e45-64d9-1290-3add-9b5c479940af@freebsd.org> References: <201911232108.xANL825f004203@repo.freebsd.org> <20191123213729.3taj4chqdoc6vsyb@atuin.in.mat.cc> <af0d9e45-64d9-1290-3add-9b5c479940af@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Nov 23, 2019 at 01:43:27PM -0800, Craig Leres wrote: > On 2019-11-23 13:37, Mathieu Arnold wrote: > > On Sat, Nov 23, 2019 at 09:08:02PM +0000, Craig Leres wrote: > >> New Revision: 518273 > >> URL:https://svnweb.freebsd.org/changeset/ports/518273 > >> > >> Log: > >> comms/conserver-com: Update distinfo and remove BROKEN > > This seems to be missing the description of the changes between the two > > distribution files. > > Sorry. "Apparently github occasionally changes their software resulting > in a change in the tarchive checksum. Update to reflect the current > version." The thing is, you are expected to obtain both versions of the distfile and compare them, explicitly asserting in the commit log that there were no malicious changes introduced (and it they were, notify the upstream, other distros' package maintainers, users, and general public immediately). This is documented in the PHB Section 13.18. ./danfe
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20191125063709.GC84936>