From owner-freebsd-ports@FreeBSD.ORG Fri Dec 18 12:43:21 2009 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ED4FD106566B for ; Fri, 18 Dec 2009 12:43:21 +0000 (UTC) (envelope-from kamikaze@bsdforen.de) Received: from mail.bsdforen.de (bsdforen.de [212.204.60.79]) by mx1.freebsd.org (Postfix) with ESMTP id AAFD08FC18 for ; Fri, 18 Dec 2009 12:43:21 +0000 (UTC) Received: from mobileKamikaze.norad (vpn-cl-162-199.rz.uni-karlsruhe.de [141.3.162.199]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mail.bsdforen.de (Postfix) with ESMTP id 51B658A11A2; Fri, 18 Dec 2009 13:43:20 +0100 (CET) Message-ID: <4B2B78E8.7060106@bsdforen.de> Date: Fri, 18 Dec 2009 13:43:20 +0100 From: Dominic Fandrey User-Agent: Thunderbird 2.0.0.23 (X11/20091126) MIME-Version: 1.0 To: Mark Linimon References: <4B2A52DB.5020602@bsdforen.de> <20091218065728.GC29158@lonesome.com> <4B2B681A.1090908@bsdforen.de> <20091218122126.GB1954@lonesome.com> In-Reply-To: <20091218122126.GB1954@lonesome.com> X-Enigmail-Version: 0.96.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Cc: freebsd-ports@freebsd.org Subject: Re: ioquake3 support more platforms X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 18 Dec 2009 12:43:22 -0000 Mark Linimon wrote: > On Fri, Dec 18, 2009 at 12:31:38PM +0100, Dominic Fandrey wrote: >> But that's not different for any port. E.g. sysutils/bsdadminscripts is >> all mine, I create the distfiles and maintain the port, their is no >> guarantee that I don't do evil apart from me being quite certain that >> I don't. > > Sure there is. That's why we have ports committers. They are supposed > to audit the changes to the port to make sure that the changes are safe. > In particular, I expect that they check that the changes are not so > extensive that they indicate the distributing system has been hacked. Are committers really supposed to read the code? I find that highly improbable, even for my shell scripts that only consist of a couple KBs of code. > >> Why can one assume that an ioquake release is safe? One really cannot. >> It's made by the same people who maintain the non-trustworthy SVN. > > There's no such check as the above possible with checkouts from a source > control system. You get whatever is on that box at time T. And I'm checking what those changes are to keep this stuff running on FreeBSD. The ioquake3 project doesn't hand commit right to everyone. Look at the e17 ports. Someone takes SVN snapshots, fixes them up for FreeBSD and bundles them as distfiles. It's exactly the same process I use for ioquake3, but no one thinks the ports are untrustworthy. >> Also it's a -devel port. That kinda screams "At your own risk" right >> into your face. > > And NO_PACKAGES would further guarantee it. I don't see that. But I see a lot of disadvantages. E.g. ioquake releases only occur every couple of years. Long before the next release occurs it might not make sense to maintain the last release, because it's simply depending on a lot of outdated infrastructure. Regards