On Fri, Dec 18, 2009 at 12:31:38PM +0100, Dominic Fandrey wrote: > But that's not different for any port. E.g. sysutils/bsdadminscripts is > all mine, I create the distfiles and maintain the port, their is no > guarantee that I don't do evil apart from me being quite certain that > I don't.
Sure there is. That's why we have ports committers. They are supposed to audit the changes to the port to make sure that the changes are safe. In particular, I expect that they check that the changes are not so extensive that they indicate the distributing system has been hacked. > Why can one assume that an ioquake release is safe? One really cannot. > It's made by the same people who maintain the non-trustworthy SVN. There's no such check as the above possible with checkouts from a source control system. You get whatever is on that box at time T. > Also it's a -devel port. That kinda screams "At your own risk" right > into your face. And NO_PACKAGES would further guarantee it. mcl _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"