pkgsrc-Changes archive


Re: CVS commit: pkgsrc/graphics/ImageMagick



Bernd Ernesti wrote:
> On Thu, Aug 27, 2009 at 05:52:55PM +0000, Jens Rehsack wrote:
>> Module Name: pkgsrc
>> Committed By:        sno
>> Date:                Thu Aug 27 17:52:55 UTC 2009
>>
>> Modified Files:
>>      pkgsrc/graphics/ImageMagick: Makefile distinfo
>>
>> Log Message:
>> Updating package graphics/ImageMagick from 6.5.5.3 to 6.5.5.3nb1 because
>> package file on server has changed without new release.
>>
>> No upstream notice about new package is provided.
> 
> Did you check what changed?

No, not really - I took the new archive, checked that it builds, did simple
checks that it works and that the PLIST was ok - and that's it.

> There were a few archives in the past where someone added a backdoor in it.

And put it to the official sites? o.O
If this is to be assumed, it's better to check every update, right? There could
always be a backdoor in it.

What has happened more often, if you read the ChangeLog of ImageMagick, is that
they released a new archive with a similar version a short time after the first
release of this version.

> IMHO it should be checked what changed and not just update the checksum.

If this is true, I won't do any updates anymore, because I don't have the
time to review all code.

Jens
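
One way to do the check asked for in this thread, as an added example that is not part of the original message or of pkgsrc: compare the previously fetched distfile with the re-rolled one member by member, so that review effort goes only to the files that actually differ. The archive contents are constructed sample data, and `member_digests`, `compare_distfiles` and `make_tarball` are names chosen for this example.

```python
import hashlib
import io
import tarfile


def member_digests(tar_bytes):
    """Map every archive member to (content fingerprint, mode) without extracting to disk."""
    digests = {}
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r:*") as tar:
        for member in tar:
            if member.isfile():
                data = tar.extractfile(member).read()
                fingerprint = hashlib.sha256(data).hexdigest()
            else:
                # Directories, symlinks etc.: track type and link target instead of content.
                fingerprint = f"type={member.type!r} link={member.linkname}"
            digests[member.name] = (fingerprint, member.mode)
    return digests


def compare_distfiles(old_bytes, new_bytes):
    """Return the member names that were added, removed or changed between two archives."""
    old, new = member_digests(old_bytes), member_digests(new_bytes)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "changed": sorted(n for n in set(old) & set(new) if old[n] != new[n]),
    }


def make_tarball(files):
    """Build a gzip tarball in memory from {name: bytes}; used only for the sample data."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mode = len(data), 0o644
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


# Constructed sample: the "same" release as first fetched and as later re-rolled upstream.
BASE = {"example-1.0/ChangeLog": b"1.0: release\n",
        "example-1.0/README": b"readme\n",
        "example-1.0/configure": b"#!/bin/sh\necho configure\n"}
OLD = make_tarball(BASE)
NEW = make_tarball({"example-1.0/ChangeLog": b"1.0: release\n1.0: fix typo\n",
                    "example-1.0/configure": BASE["example-1.0/configure"],
                    "example-1.0/m4/extra.m4": b"dnl new macro\n"})

if __name__ == "__main__":
    for kind, names in compare_distfiles(OLD, NEW).items():
        print(kind, names)
```

An archive that was only repacked (new timestamps, same contents) yields three empty lists even though its checksum in distinfo changes; anything listed under `added` or `changed` is what needs a real diff before the new checksum is committed.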

