[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: CVS commit: pkgsrc/graphics/ImageMagick
Bernd Ernesti wrote:
> On Thu, Aug 27, 2009 at 05:52:55PM +0000, Jens Rehsack wrote:
>> Module Name: pkgsrc
>> Committed By: sno
>> Date: Thu Aug 27 17:52:55 UTC 2009
>> Modified Files:
>> pkgsrc/graphics/ImageMagick: Makefile distinfo
>> Log Message:
>> Updating package graphics/ImageMagick from 18.104.22.168 to 22.214.171.124nb1 because
>> package file on server has changed without new release.
>> No upstream notice about new package is provided.
> Did you check what changed?
No, not really - I took the new archive, check if it builds and simple
checks if it works, if PLIST was ok - and that's it.
> There were a few archives in the past where someone added a backdoor in it.
And put it to the official sites? o.O
If this is to assume, it's better check every update, right? There could
always be a backdoor in it.
What's happened more often - if you read the ChangeLog of ImageMagick, that
they released a new archive with similar version short time after the first
release of this version.
> IMHO it should be checked what changed and not just update the checksum.
If this is true, I wont do any updates anymore, because I don't have the
time to review all code.
Main Index |
Thread Index |