Message written by John Marino <freebsd.cont...@marino.st> on 26 May 2014, 
at 21:54:

> On 5/26/2014 21:36, Bartłomiej Rutkowski wrote:
>> I've just mailed the upstream, explaining the situation and
>> suggesting releasing such changes as minor version numbers, like
>> 2.0.1 or something similar. We'll see what response, if any, I will
>> receive, but for now, please, patch the port with new distinfo you've
>> proposed. If this happens again and we won't get any answer by that
>> time, we'll consider hosting the distfiles or removing the port.
> 
> Hi Bartek,
> The issue is that I can't blindly update the distinfo.  Somebody (almost
> always the maintainer) has to "diff" the original version and the new
> version and evaluate exactly what changed and if it's malicious.
> 
> I already got chewed out last week for not verifying this personally,
> but I generally trust the maintainer if he/she said he did this.  Have
> you actually looked inside the new tarball?
> 
> Thanks,
> John

John,

Actually, this hasn't crossed my mind, that the distfiles could not have been 
simply re-released due to malicious activity and only thought this was because 
of bad practice, so I haven't actually looked into the tarball, but instead only 
checked if it builds correctly on all supported system versions. I am well 
aware of the possible danger and consequences but it just hasn't lit the 
red light in my head this time, sorry!

The author already replied to me, and I am in the process of figuring out what's 
going on - I'll update you as soon as I know anything.

Kind regards,
Bartek Rutkowski
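
The check John describes in the quoted message (diffing the original distfile against the re-rolled one before updating distinfo), as an added example that is not part of the original thread or of the ports tooling. The project name "example-2.0", the file names and their contents are constructed sample data, and ignoring mtime and ownership is an assumption made here so that a plain re-pack reports no differences.

```python
import hashlib
import io
import tarfile

def tar_manifest(data: bytes) -> dict:
    """Map member name -> (type, mode, sha256 of file body or link target)."""
    manifest = {}
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar:  # read members only; nothing is extracted to disk
            if m.isfile():
                detail = hashlib.sha256(tar.extractfile(m).read()).hexdigest()
            elif m.issym() or m.islnk():
                detail = "-> " + m.linkname
            else:
                detail = ""
            # mtime and owner are ignored on purpose: a plain re-pack changes them
            manifest[m.name] = (m.type, m.mode & 0o7777, detail)
    return manifest

def compare_distfiles(old: bytes, new: bytes) -> dict:
    """Return member names added, removed or changed between two tarballs."""
    a, b = tar_manifest(old), tar_manifest(new)
    return {
        "added": sorted(b.keys() - a.keys()),
        "removed": sorted(a.keys() - b.keys()),
        "changed": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
    }

def make_tar(files: dict, mtime: int) -> bytes:
    """Build a constructed sample tarball from {name: (mode, content)}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, (mode, content) in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode, info.mtime = len(content), mode, mtime
            tar.addfile(info, io.BytesIO(content))
    return buf.getvalue()

# Constructed sample data (hypothetical project "example-2.0")
BASE = {"example-2.0/setup.py": (0o644, b"setup(name='example')\n"),
        "example-2.0/example/__init__.py": (0o644, b"VERSION = '2.0'\n")}
ORIGINAL = make_tar(BASE, mtime=1400000000)
REPACKED = make_tar(BASE, mtime=1401000000)  # same content, new checksum
REROLLED = make_tar({**BASE,
    "example-2.0/setup.py": (0o644, b"import os\nsetup(name='example')\n"),
    "example-2.0/example/extra.py": (0o755, b"print('new')\n")}, mtime=1401000000)

if __name__ == "__main__":
    for label, blob in (("repacked", REPACKED), ("rerolled", REROLLED)):
        print(label, compare_distfiles(ORIGINAL, blob))
```

Every name listed under "added" or "changed" is a file the maintainer still has to read; the script only narrows down where to look.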
_______________________________________________
freebsd-python@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-python