portupgrade-devel -- lack of distfile checksums

2012-04-30T00:00:00
ID B428E6B3-926C-11E1-8D7B-003067B2972C
Type freebsd
Reporter FreeBSD
Modified 2012-05-06T00:00:00

Description

Ports security team reports: The portupgrade-devel port fetched directly from a git respository without checking against a known good SHA hash. This means that it is possible that packages built using this port may not match the one vetted by the maintainer. Users are advised to rebuild portupgrade-devel from known good sources.