cvs commit: ports/sysutils/smartmontools distinfo
Eitan Adler
eadler at freebsd.org
Mon Oct 24 01:47:33 UTC 2011
2011/10/23 Alexey Dokuchaev <danfe at freebsd.org>:
> That's nice to know, but our bylaws require manual verification of the
> contents of two distfiles when they change with no apparent reason (that is,
> version stays the same) and presenting results in the commit log.
I checked the GPG signature of the file I downloaded. I was made aware
that I should have included some indication of such in the commit log
and will do so in the future.
> It (not doing so) had bitten us before, ARAIR.
As a security researcher who has found issues before in various open
source projects, I fully understand the concern.
--
Eitan Adler
Ports committer
X11, Bugbusting teams
More information about the cvs-ports
mailing list