2011/10/23 Alexey Dokuchaev <[email protected]>: > That's nice to know, but our bylaws require manual verification of the > contents of two distfiles when they change with no apparent reason (that is, > version stays the same) and presenting results in the commit log.
I checked the GPG signature of the file I downloaded. I was made aware that I should have included some indication of such in the commit log and will do so in the future. > It (not doing so) had bitten us before, ARAIR. As a security researcher who has found issues before in various open source projects, I fully understand the concern. -- Eitan Adler Ports committer X11, Bugbusting teams _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/cvs-all To unsubscribe, send any mail to "[email protected]"
