Add a new Do's and Don'ts section on distfile rerolling

PR:		docs/104126
Submitted by:	novel, pav
English police:	ceri

en_US.ISO8859-1/books/porters-handbook/book.sgml

@@ -10222,6 +10222,27 @@ IGNORE=POINTYHAT is not supported
 	  special need.</para>
       </sect1>
 
+      <sect1 id="dads-rerolling-distfiles">
+	<title>Rerolling distfiles</title>
+
+	<para>Sometimes the authors of software change the content of
+	  released distfiles without changing the file's name.  You have
+	  to verify that the changes are official and have been performed
+	  by the author.  It has happened in the past that the distfile
+	  was silently altered on the download servers with the intent
+	  to cause harm or compromise end user security.</para>
+
+	<para>Put the old distfile aside, download the new one, unpack
+	  them and compare the content with &man.diff.1;.  If you see
+	  nothing suspicious, you can update <filename>distinfo</filename>.
+	  Be sure to summarize the differences in your PR or commit log,
+	  so that other people know that you have taken care to ensure
+	  that nothing bad has happened.</para>
+
+	<para>You might also want to contact the authors of the software
+	  and confirm the changes with them.</para>
+      </sect1>
+
       <sect1 id="dads-workarounds">
 	<title>Necessary workarounds</title>