Date: Mon, 29 Jan 2007 19:52:42 -0500 From: Jason Harris <jharris@widomaker.com> To: Gabor Kovesdan <gabor@FreeBSD.org> Cc: cvs-ports@FreeBSD.org, Jason Harris <jharris@widomaker.com>, secteam@FreeBSD.org, cvs-all@FreeBSD.org, ports-committers@FreeBSD.org Subject: Re: cvs commit: ports/audio/gnump3d Makefile distinfo ports/devel/bglibs Makefile ports/devel/cppi Makefile ports/devel/cvsd Makefile ports/dns/walker Makefile distinfo ports/ftp/lftp Makefile distinfo ports/ftp/twoftpd Makefile ... Message-ID: <20070130005242.GA1059@wilma.widomaker.com> In-Reply-To: <200701291905.l0TJ57fG093002__13365.9557941884$1170098220$gmane$org@repoman.freebsd.org> References: <200701291905.l0TJ57fG093002__13365.9557941884$1170098220$gmane$org@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--17pEHd4RhPHOinZp Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Jan 29, 2007 at 07:05:07PM +0000, Gabor Kovesdan wrote: > gabor 2007-01-29 19:05:07 UTC >=20 > FreeBSD ports repository >=20 > Modified files: > Log: > Remove USE_GPG from all effected ports. This knob is a no-op and the wa= y it > was supposed to work is useless, because if we can't trust the distfile= from > the remote machine, we can't trust the signature from the same machine = either. > Our MD5 and SHA256 are good for checking both the sanity and the > trustiness of distfiles. > =20 > Approved by: portmgr (erwin), erwin (mentor) Please revert this. =20 And, more importantly, please respect MAINTAINERs' wishes to make their ports more secure, by allowing the _automatic_ checking of GPG signatures as a first line of defense, rather than less secure. Thank you. (secteam@ CC'd, clearly portmgr(erwin)@ needs some sanity and "trustiness" checking (and balancing)). > Revision Changes Path > 1.47 +0 -4 ports/audio/gnump3d/Makefile > 1.25 +0 -3 ports/audio/gnump3d/distinfo > 1.29 +0 -2 ports/devel/bglibs/Makefile > 1.2 +0 -4 ports/devel/cppi/Makefile > 1.42 +0 -1 ports/devel/cvsd/Makefile > 1.14 +0 -4 ports/dns/walker/Makefile > 1.8 +0 -3 ports/dns/walker/distinfo > 1.115 +0 -4 ports/ftp/lftp/Makefile > 1.77 +0 -3 ports/ftp/lftp/distinfo > 1.16 +0 -2 ports/ftp/twoftpd/Makefile > 1.9 +0 -3 ports/ftp/twoftpd/distinfo > 1.45 +0 -2 ports/mail/maildrop/Makefile > 1.20 +0 -3 ports/mail/maildrop/distinfo > 1.19 +0 -2 ports/mail/mailfront/Makefile > 1.15 +0 -3 ports/mail/mailfront/distinfo > 1.9 +0 -2 ports/mail/qmail-autoresponder/Makefile > 1.5 +0 -3 ports/mail/qmail-autoresponder/distinfo > 1.5 +0 -2 ports/mail/qmail-qfilter/Makefile > 1.5 +0 -3 ports/mail/qmail-qfilter/distinfo > 1.7 +0 -1 ports/mail/t-prot/Makefile > 1.7 +0 -3 ports/mail/t-prot/distinfo > 1.25 +0 -1 ports/net/wol/Makefile > 1.6 +0 -3 ports/net/wol/distinfo > 1.18 +0 -2 ports/security/libgpg-error/Makefile > 1.9 +0 -3 ports/security/libgpg-error/distinfo > 1.41 +0 -2 ports/security/libprelude/Makefile > 1.22 +0 -2 ports/security/libpreludedb/Makefile > 1.38 +0 -4 ports/security/lsh/Makefile > 1.31 +0 -2 ports/security/prelude-lml/Makefile > 1.41 +0 -2 ports/security/prelude-manager/Makefile > 1.4 +1 -4 ports/security/sks/Makefile > 1.3 +0 -3 ports/security/sks/distinfo > 1.78 +0 -2 ports/security/snort/Makefile > 1.6 +0 -2 ports/security/snort_inline/Makefile > 1.13 +0 -4 ports/sysutils/coreutils/Makefile > 1.6 +0 -5 ports/sysutils/coreutils/distinfo > 1.41 +0 -5 ports/sysutils/less/Makefile > 1.20 +0 -5 ports/sysutils/less/distinfo > 1.41 +0 -4 ports/www/cadaver/Makefile > 1.16 +0 -3 ports/www/cadaver/distinfo > 1.116 +0 -5 ports/www/lynx/Makefile > 1.134 +0 -12 ports/www/lynx/distinfo --=20 Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it? jharris@widomaker.com _|_ web: http://keyserver.kjsl.com/~jharris/ Got photons? (TM), (C) 2004 --17pEHd4RhPHOinZp Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (FreeBSD) iJ0EARECAF0FAkW+ltpWGGh0dHA6Ly9rZXlzZXJ2ZXIua2pzbC5jb206MTEzNzEv cGtzL2xvb2t1cD9vcD1nZXQmc2VhcmNoPTB4RDM5REEwRTMmd2VoYXZleW91bm93 PXRydWUACgkQSypIl9OdoOMSdwCgqFWu0ZubSnZI2OSab0D7zwRNg7wAoMOOoc+q qveWwgUimOF3/srB4MZw =zi5h -----END PGP SIGNATURE----- --17pEHd4RhPHOinZp--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070130005242.GA1059>