On 2011.10.03. 20:51, Doug Barton wrote:
Confirming with the author is fine, but did you compare the old and new
distfiles yourself? If so, what changed?
Don't take my comment personally, I just picked this particular mail to
reply to. I have never understood why such issues have been taken so
seriously. Imo, if the author confirms the change that should be enough.
If we had audited the initial port and each new upgrade, a stricter
check would make sense but we don't do that so the port can still have
malicious code from earlier versions (e.g. irc/unreal did [1]).
Verifying just one diff between two distfiles does not guarantee safe
and sane code.
Cheers,
Gabor
[1] http://forums.unrealircd.com/viewtopic.php?t=6562
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[email protected]"
