Re: CVS commit: pkgsrc/graphics/ImageMagick

To: Jens Rehsack <rehsack%googlemail.com@localhost>
Subject: Re: CVS commit: pkgsrc/graphics/ImageMagick
From: Bernd Ernesti <netbsd%lists.veego.de@localhost>
Date: Thu, 27 Aug 2009 21:44:36 +0200

On Thu, Aug 27, 2009 at 07:27:46PM +0000, Jens Rehsack wrote:
> Bernd Ernesti wrote:
> > On Thu, Aug 27, 2009 at 05:52:55PM +0000, Jens Rehsack wrote:
> >> Module Name:       pkgsrc
> >> Committed By:      sno
> >> Date:              Thu Aug 27 17:52:55 UTC 2009
> >>
> >> Modified Files:
> >>    pkgsrc/graphics/ImageMagick: Makefile distinfo
> >>
> >> Log Message:
> >> Updating package graphics/ImageMagick from 6.5.5.3 to 6.5.5.3nb1 because
> >> package file on server has changed without new release.
> >>
> >> No upstream notice about new package is provided.
> > 
> > Did you check what changed?
> 
> No, not really - I took the new archive, check if it builds and simple
> checks if it works, if PLIST was ok - and that's it.
> 
> > There were a few archives in the past where someone added a backdoor in it.
> 
> And put it to the official sites? o.O

Yes.

e.g

irssi-0.8.4.tar.gz
libpng-1.2.27.tar.bz2

> If this is to assume, it's better check every update, right? There could
> always be a backdoor in it.

Thomas explained in more detail what and when it should be done.

Bernd

References:
- CVS commit: pkgsrc/graphics/ImageMagick
  - From: Jens Rehsack
- Re: CVS commit: pkgsrc/graphics/ImageMagick
  - From: Bernd Ernesti
- Re: CVS commit: pkgsrc/graphics/ImageMagick
  - From: Jens Rehsack

Prev by Date: CVS commit: pkgsrc/audio
Next by Date: Re: CVS commit: pkgsrc/graphics/ImageMagick
Previous by Thread: Re: CVS commit: pkgsrc/graphics/ImageMagick
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index