On 06.11.18 23:29, Nicholas Papadonis wrote:
> Do you know anything about the process to integrate new source code,
> review changes that are Mac specific, mark branches stable, build and
> release? Do particular users have privileged access to be part of this
> process?

There are no special privileges with regard to any part of the ports
tree or base development. All project members have the same access
level. Things that are only handled by the infrastructure team would be
server administration and ownership of the GitHub project.

Code review happens over pull requests on GitHub and also the mailing
list macports-changes [1], where all commits to base and ports are
announced. Note there are only a handful of regular base developers.

Creation of new base branches is usually announced on the macports-dev
mailing list. For new 2.x.0 releases, we usually have several release
candidates first, for which everyone should feel invited to test the
changes.

> I suspect this is an issue with any open source project, however am
> curious how MacPorts itself ensures the code from the project makes it
> to release as original as possible. I hope these are the right
> questions to ask from a security standpoint.

Hm, I do not think there is anything special in place. Whoever signs a
MacPorts base release has also built the binaries. We have to trust the
release builder in the same way any user that receives such a package
installer has to trust them.

Rainer

[1] https://lists.macports.org/mailman/listinfo/macports-changes
[2] https://lists.macports.org/mailman/listinfo/macports-dev
