Add a new Do's and Don'ts section on distfile rerolling

PR: docs/104126 Submitted by: novel, pav English police: ceri
svn path=/head/; revision=28791
2006-10-07 19:38:19 +00:00 · 2006-10-07 19:38:19 +00:00 · 1affd9375c · 2020-12-08 03:00:23 +00:00
commit 1affd9375c
parent 979943c44b
1 changed files with 21 additions and 0 deletions
--- a/en_US.ISO8859-1/books/porters-handbook/book.sgml
+++ b/en_US.ISO8859-1/books/porters-handbook/book.sgml
@ -10222,6 +10222,27 @@ IGNORE=POINTYHAT is not supported
 	  special need.</para>
      </sect1>

+      <sect1 id="dads-rerolling-distfiles">
+	<title>Rerolling distfiles</title>
+
+	<para>Sometimes the authors of software change the content of
+	  released distfiles without changing the file's name.  You have
+	  to verify that the changes are official and have been performed
+	  by the author.  It has happened in the past that the distfile
+	  was silently altered on the download servers with the intent
+	  to cause harm or compromise end user security.</para>
+
+	<para>Put the old distfile aside, download the new one, unpack
+	  them and compare the content with &man.diff.1;.  If you see
+	  nothing suspicious, you can update <filename>distinfo</filename>.
+	  Be sure to summarize the differences in your PR or commit log,
+	  so that other people know that you have taken care to ensure
+	  that nothing bad has happened.</para>
+
+	<para>You might also want to contact the authors of the software
+	  and confirm the changes with them.</para>
+      </sect1>
+
      <sect1 id="dads-workarounds">
 	<title>Necessary workarounds</title>