Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 14 Dec 2000 13:14:40 -0500
From:      Will Andrews <will@physics.purdue.edu>
To:        Kris Kennaway <kris@FreeBSD.org>
Cc:        Will Andrews <will@physics.purdue.edu>, Warner Losh <imp@village.org>, Peter Pentchev <roam@FreeBSD.org>, ports@FreeBSD.org, security-officer@FreeBSD.org
Subject:   Re: cvs commit: ports/databases/gigabase distinfo
Message-ID:  <20001214131440.M1873@puck.firepipe.net>
In-Reply-To: <20001214101146.A26851@citusc.usc.edu>; from kris@FreeBSD.org on Thu, Dec 14, 2000 at 10:11:46AM -0800
References:  <20001214122157.G1873@puck.firepipe.net> <200012141225.eBECPn385434@freefall.freebsd.org> <20001214122157.G1873@puck.firepipe.net> <200012141726.KAA48452@harmony.village.org> <20001214124734.I1873@puck.firepipe.net> <20001214101146.A26851@citusc.usc.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Dec 14, 2000 at 10:11:46AM -0800, Kris Kennaway wrote:
> We have to chase the checksum so the port still works. But we (the
> FreeBSD security community) need assurances that the change was benign
> and not a trojan introduced by a compromised server, and the ports
> community needs assurances that the software functionality has or has
> not changed significantly. Sure, it's bad release engineering for an
> author to do the latter, but it happens and we have to deal with it.

You're right.. not sure what I'm smoking.  :)
I guess I'm just really pissed at people who do this..

-- 
wca


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20001214131440.M1873>