> I update a port's version, download the new distfile, compute the checksums, > verify the port builds and looks somewhat sane, and commit it. The checksums > are there to ensure anyone else who tries to install the port gets the same > distfile I got.
I do this as well :-) I rely on the buildbot and tickets to point out issues. I find it less likely that I'd be given a phishy distfile than the buildbot or other users: if there's a discrepancy then I'll explore it further. Similarly, as I mentioned in the other thread, if we really do want to concern ourselves with matching the upstream checksums we can actually include _all_ checksums in every portfile.
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
