On Tue, Nov 10, 2009 at 06:12:40PM +0000, RW wrote:
> On Tue, 10 Nov 2009 12:32:28 +0200
> Peter Pentchev <r...@ringlet.net> wrote:
> > The Ports Collection's distfile checksums make sure that you get
> > exactly the same files *as the port maintainer examined at some
> > previous moment in time*.
> More importantly it guards against maliciously modified source code.
> Someone might break into a legitimate mirror or use dns poisoning to
> distribute malware.

That's the whole point :)  That's also why the maintainer is supposed to
examine the files before submitting (or committing) a port update -
to guard against source code that has been maliciously modified on
the master sites (or on fake master sites that the maintainer has been
redirected to).


Peter Pentchev  r...@ringlet.net    r...@space.bg    r...@freebsd.org
PGP key:        http://people.FreeBSD.org/~roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
If wishes were fishes, the antecedent of this conditional would be true.

Attachment: pgpIONgN43NT0.pgp
Description: PGP signature

Reply via email to