Date:      Fri, 18 Dec 2009 13:43:20 +0100
From:      Dominic Fandrey <kamikaze@bsdforen.de>
To:        Mark Linimon <linimon@lonesome.com>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: ioquake3 support more platforms
Message-ID:  <4B2B78E8.7060106@bsdforen.de>
In-Reply-To: <20091218122126.GB1954@lonesome.com>
References:  <4B2A52DB.5020602@bsdforen.de>	<20091218065728.GC29158@lonesome.com>	<4B2B681A.1090908@bsdforen.de> <20091218122126.GB1954@lonesome.com>

Mark Linimon wrote:
> On Fri, Dec 18, 2009 at 12:31:38PM +0100, Dominic Fandrey wrote:
>> But that's not different for any port. E.g. sysutils/bsdadminscripts is
>> all mine, I create the distfiles and maintain the port, there is no
>> guarantee that I don't do evil apart from me being quite certain that
>> I don't.
> 
> Sure there is.  That's why we have ports committers.  They are supposed
> to audit the changes to the port to make sure that the changes are safe.
> In particular, I expect that they check that the changes are not so
> extensive that they indicate the distributing system has been hacked.

Are committers really supposed to read the code? I find that highly
improbable, even for my shell scripts that only consist of a couple KBs
of code.

> 
>> Why can one assume that an ioquake release is safe? One really cannot.
>> It's made by the same people who maintain the non-trustworthy SVN.
> 
> There's no such check as the above possible with checkouts from a source
> control system.  You get whatever is on that box at time T.

And I'm checking what those changes are to keep this stuff running on
FreeBSD. The ioquake3 project doesn't hand commit rights to everyone.

Look at the e17 ports. Someone takes SVN snapshots, fixes them up for
FreeBSD and bundles them as distfiles. It's exactly the same process I
use for ioquake3, but no one thinks the ports are untrustworthy.

>> Also it's a -devel port. That kinda screams "At your own risk" right
>> into your face.
> 
> And NO_PACKAGES would further guarantee it.

I don't see that. But I see a lot of disadvantages. E.g. ioquake
releases only occur every couple of years. Long before the next
release occurs it might not make sense to maintain the last
release, because it's simply depending on a lot of outdated
infrastructure.

Regards


