2011/10/23 Alexey Dokuchaev <da...@freebsd.org>:
> That's nice to know, but our bylaws require manual verification of the
> contents of two distfiles when they change with no apparent reason (that is,
> version stays the same) and presenting results in the commit log.

I checked the GPG signature of the file I downloaded. I was made aware
that I should have included some indication of such in the commit log
and will do so in the future.

> It (not doing so) had bitten us before, ARAIR.

As a security researcher who has found issues before in various open
source projects, I fully understand the concern.


-- 
Eitan Adler
Ports committer
X11, Bugbusting teams
_______________________________________________
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "cvs-all-unsubscr...@freebsd.org"

Reply via email to