portupgrade-devel -- lack of distfile checksums

ID B428E6B3-926C-11E1-8D7B-003067B2972C
Type freebsd
Reporter FreeBSD
Modified 2012-05-06T00:00:00


Ports security team reports: The portupgrade-devel port fetched directly from a git respository without checking against a known good SHA hash. This means that it is possible that packages built using this port may not match the one vetted by the maintainer. Users are advised to rebuild portupgrade-devel from known good sources.