Mark Linimon wrote:
> On Thu, Dec 17, 2009 at 04:48:43PM +0100, Dominic Fandrey wrote:
>> A committer explained to me that he doesn't want to deal with SVN
>> snapshot based ports. Is that a common attitude and what should
>> I do to remedy this?
> 
> Well, the problem is that we (FreeBSD) can't guarantee whether the
> contents of a resulting package are secure or not, or really, what
> the contents are at all.  I personally would only be comfortable with
> a default setting of NO_PACKAGE in this case.  Individual users could
> manually override it.

But that's not different for any port. E.g. sysutils/bsdadminscripts is
all mine, I create the distfiles and maintain the port, their is no
guarantee that I don't do evil apart from me being quite certain that
I don't.

Why can one assume that an ioquake release is safe? One really cannot.
It's made by the same people who maintain the non-trustworthy SVN.

What if I created a sourceforge project freebsd-ioquake and published
my distfiles there as ioquake freebsd releases. Would it suddenly
turn trustworthy?

Also it's a -devel port. That kinda screams "At your own risk" right
into your face.

> I don't know if there is a formal policy about such ports.  Probably,
> there ought to be.

I think there can be no guarantee given for anything whatsoever. So
I do not see how a policy could be useful.

-- 
A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing on usenet and in e-mail? 
_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Reply via email to