2011/10/23 Alexey Dokuchaev <da...@freebsd.org>: > That's nice to know, but our bylaws require manual verification of the > contents of two distfiles when they change with no apparent reason (that is, > version stays the same) and presenting results in the commit log.
I checked the GPG signature of the file I downloaded. I was made aware that I should have included some indication of such in the commit log and will do so in the future. > It (not doing so) had bitten us before, ARAIR. As a security researcher who has found issues before in various open source projects, I fully understand the concern. -- Eitan Adler Ports committer X11, Bugbusting teams _______________________________________________ cvs-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "cvs-all-unsubscr...@freebsd.org"