Re: distfile checksum error in graphics/MesaLib

To: "Jeremy C. Reed" <reed%reedmedia.net@localhost>
Subject: Re: distfile checksum error in graphics/MesaLib
From: Tobias Nygren <tnn%NetBSD.org@localhost>
Date: Thu, 21 Aug 2008 21:27:25 +0200

On Thu, 21 Aug 2008 14:00:17 -0500 (CDT)
"Jeremy C. Reed" <reed%reedmedia.net@localhost> wrote:

> On Thu, 21 Aug 2008, Tobias Nygren wrote:
> 
> > I've updated the checksums to match md5sums I found at:
> > http://mesa3d.sourceforge.net/relnotes-7.0.4.html
> 
> What if the webpage and tarballs were both compromised?
> 
> Have we compared the original tarball with new?

No, the "original" tarballs were prerelease code that was tar'ed into
tarballs that were named like, and looked like official ones and
dropped by the package's maintainer into MASTER_SITE_LOCAL,
http://ftp.netbsd.org/pub/pkgsrc/distfiles/LOCAL_PORTS/Mesa-7.0.4/ were
you can still find them. I strongly object to this practice of rolling
our own distfiles for use in pkgsrc.
This will also now start to break for people who have the old distfiles,
because DIST_SUBDIR hasn't changed.
Can we please just wait the extra week for upstream to prepare a release
instead of blindly jumping on the latest and greatest code from git?

> Please see Pkgsrc Guide for instructions on this.

I know.

-Tobias

References:
- distfile checksum error in graphics/MesaLib
  - From: Tobias Nygren
- Re: distfile checksum error in graphics/MesaLib
  - From: Tobias Nygren
- Re: distfile checksum error in graphics/MesaLib
  - From: Jeremy C. Reed

Prev by Date: Re: distfile checksum error in graphics/MesaLib
Next by Date: Changes to OpenBSD m4
Previous by Thread: Re: distfile checksum error in graphics/MesaLib
Next by Thread: Changes to OpenBSD m4
Indexes:

Home | Main Index | Thread Index | Old Index