pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: CVS commit: pkgsrc/archivers/szip



On Sun, Nov 20, 2011 at 12:23:22PM +0100, John Marino wrote:
> On 11/20/2011 9:53 AM, Bernd Ernesti wrote:
> >
> >Did you checked the difference between the old and the new one?
> >
> >Sometimes this happend for other packages in the past and then there
> >was a security issue.
> >
> >Bernd
> >
> 
> No, I didn't check to that level.
> The maintainers of this package have done this 3 times before, but the 
> tarball is definitely retrieved from the same location as always.

Maybe he checked the archive before doing it.

> It's an absurd policy on their part though.

I agree but you should really check the difference between the two
versions. IMHO that package is a good target for introducing a
backdoor with there ignorance to change the archive name and just
replacing the old archive.

Bernd




Home | Main Index | Thread Index | Old Index