Date:      Tue, 14 Dec 2010 03:08:09 +0000
From:      Alexey Dokuchaev <danfe@FreeBSD.org>
To:        Wesley Shields <wxs@FreeBSD.org>
Cc:        "Philip M. Gollucci" <pgollucci@p6m7g8.com>, cvs-ports@FreeBSD.org, "Philip M. Gollucci" <pgollucci@FreeBSD.org>, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org
Subject:   Re: cvs commit: ports/chinese/ibus-chewing distinfo
Message-ID:  <20101214030809.GB20090@FreeBSD.org>
In-Reply-To: <20101213183453.GA27831@atarininja.org>
References:  <201012130437.oBD4bHEq008860@repoman.freebsd.org> <20101213164130.GA48218@atarininja.org> <4D06639E.1080405@p6m7g8.com> <20101213183453.GA27831@atarininja.org>

On Mon, Dec 13, 2010 at 01:34:53PM -0500, Wesley Shields wrote:
> On Mon, Dec 13, 2010 at 06:19:10PM +0000, Philip M. Gollucci wrote:
> > On 12/13/10 16:41, Wesley Shields wrote:
> > > On Mon, Dec 13, 2010 at 04:37:17AM +0000, Philip M. Gollucci wrote:
> > >> pgollucci    2010-12-13 04:37:17 UTC
> > >>
> > >>   Modified files:
> > >>     chinese/ibus-chewing distinfo 
> > >>   Log:
> > >>   - Fix checksum
> > > 
> > > I thought it was a good idea to state what changed when a distfile was
> > > re-rolled without a version bump.
> > 
> > Well it is, but they re-rolled in between my tb test, commit and QAT
> > processing it. I can go dig it up but I was just trying to fix the QAT
> > nag mail at the time.
> 
> I'm not requesting that you do that, but it could potentially be a
> malicious distfile now. We need to be extra careful not to propagate
> those if we can help it, hence the suggestion to document what was
> changed in order to show due diligence.
> 
> I realize the chances of this one being malicious are small, but it is
> best to diff the two before commit, even if QAT is angry at you.

It does not matter how low the chances are.  It is clearly *required* (both
by common sense and our policy) to manually review any differences in
distfiles when a checksum silently changes without obvious reason.
Confirming with the upstream developer/maintainer is also a good thing to do.

I am surprised we even need to discuss these things.

./danfe
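The review step the thread insists on, as an added example that is not part of the original message or the ports tree: print both checksums, unpack the old and the re-rolled distfile, and diff the trees so the committer sees exactly what changed. All file names are constructed; the sample tarballs are built inline so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the thread): review a silently re-rolled distfile
# before committing a new checksum. File names below are constructed.
set -eu

# Portable SHA256 hex digest: FreeBSD ships sha256(1), Linux ships sha256sum(1).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then sha256 -q "$1"
    else sha256sum "$1" | cut -d' ' -f1; fi
}

# Print both checksums, extract both tarballs into a scratch dir and diff the
# trees. Returns 0 if the contents are identical (only packaging metadata
# changed), 1 if they differ; the diff output is what the committer reviews.
compare_distfiles() {
    old=$1; new=$2
    printf 'old: %s  %s\n' "$(sha256_of "$old")" "$old"
    printf 'new: %s  %s\n' "$(sha256_of "$new")" "$new"
    work=$(mktemp -d)
    mkdir "$work/old" "$work/new"
    tar -xf "$old" -C "$work/old"
    tar -xf "$new" -C "$work/new"
    if diff -ru "$work/old" "$work/new"; then rc=0; else rc=1; fi
    rm -rf "$work"
    return $rc
}

# Constructed sample: an "old" tarball, the same tree repacked with a new
# mtime (checksum changes, content does not) and a "new" tarball where
# configure actually changed. Prints the directory holding the three files.
make_sample_distfiles() {
    dir=$(mktemp -d)
    mkdir -p "$dir/src/pkg-1.0"
    printf 'all: build\n' > "$dir/src/pkg-1.0/Makefile"
    printf '#!/bin/sh\necho configuring\n' > "$dir/src/pkg-1.0/configure"
    tar -cf "$dir/pkg-1.0.old.tar" -C "$dir/src" pkg-1.0
    touch -t 201012130437 "$dir/src/pkg-1.0/configure"   # only mtime changes
    tar -cf "$dir/pkg-1.0.repack.tar" -C "$dir/src" pkg-1.0
    printf 'VERSION=1.0.1\n' >> "$dir/src/pkg-1.0/configure"
    tar -cf "$dir/pkg-1.0.new.tar" -C "$dir/src" pkg-1.0
    printf '%s\n' "$dir"
}

d=$(make_sample_distfiles)
compare_distfiles "$d/pkg-1.0.old.tar" "$d/pkg-1.0.repack.tar" && echo "repack: same contents"
compare_distfiles "$d/pkg-1.0.old.tar" "$d/pkg-1.0.new.tar" || echo "new: contents differ, review the diff above"
```

A checksum change with an empty diff (the repack case) is the benign outcome; any non-empty diff is what gets described in the commit log and confirmed with upstream.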


