Mark Linimon wrote: > On Thu, Dec 17, 2009 at 04:48:43PM +0100, Dominic Fandrey wrote: >> A committer explained to me that he doesn't want to deal with SVN >> snapshot based ports. Is that a common attitude and what should >> I do to remedy this? > > Well, the problem is that we (FreeBSD) can't guarantee whether the > contents of a resulting package are secure or not, or really, what > the contents are at all. I personally would only be comfortable with > a default setting of NO_PACKAGE in this case. Individual users could > manually override it.
But that's not different for any port. E.g. sysutils/bsdadminscripts is all mine, I create the distfiles and maintain the port, their is no guarantee that I don't do evil apart from me being quite certain that I don't. Why can one assume that an ioquake release is safe? One really cannot. It's made by the same people who maintain the non-trustworthy SVN. What if I created a sourceforge project freebsd-ioquake and published my distfiles there as ioquake freebsd releases. Would it suddenly turn trustworthy? Also it's a -devel port. That kinda screams "At your own risk" right into your face. > I don't know if there is a formal policy about such ports. Probably, > there ought to be. I think there can be no guarantee given for anything whatsoever. So I do not see how a policy could be useful. -- A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
