Updating distinfo without checking the content

To: tech-pkg%NetBSD.org@localhost
Subject: Updating distinfo without checking the content
From: Bernd Ernesti <netbsd%lists.veego.de@localhost>
Date: Sat, 22 Mar 2014 18:20:55 +0100

Hi,

what do others think about this problem?

Without checking the binary this can be a security issue.

Bernd

----- Forwarded message from Bernd Ernesti <netbsd%lists.veego.de@localhost> 
-----

Date: Sat, 15 Mar 2014 08:37:29 +0100
From: Bernd Ernesti <netbsd%lists.veego.de@localhost>
Subject: Re: CVS commit: pkgsrc/graphics/dcraw
To: Ryo ONODERA <ryoon%netbsd.org@localhost>
Cc: pkgsrc-changes%NetBSD.org@localhost
References: <20140315001603.9843396%cvs.netbsd.org@localhost>

Hi,

On Sat, Mar 15, 2014 at 12:16:03AM +0000, Ryo ONODERA wrote:
> Module Name:  pkgsrc
> Committed By: ryoon
> Date:         Sat Mar 15 00:16:03 UTC 2014
> 
> Modified Files:
>       pkgsrc/graphics/dcraw: Makefile distinfo
> 
> Log Message:
> Set DIST_SUBDIR
> dcraw-9.20.tar.gz in distinfo, on ftp.NetBSD.org, and on MASTER_SITES are
> different.

Did you check the difference what changed on the master site?

If not we need to first analyze if there is no issue with the new version
on the master site. There were in the past code changes in some other
packages where malicious code was added.

Bernd

----- End forwarded message -----

Follow-Ups:
- Re: Updating distinfo without checking the content
  - From: Ryo ONODERA
- Re: Updating distinfo without checking the content
  - From: Greg Troxel

Prev by Date: Re: NetBSD current's native xorg support
Next by Date: Re: Updating distinfo without checking the content
Previous by Thread: NetBSD current's native xorg support
Next by Thread: Re: Updating distinfo without checking the content
Indexes:

Home | Main Index | Thread Index | Old Index