Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
developer is officially maintaining the package.
The rationale for changing this from "tech-pkg" to "pkgsrc-users" is
that it implies that any user can try to maintain the package (by
submitting patches to the mailing list). Since the folks most likely
to care about the package are the folks that want to use it or are
already using it, this would leverage the energy of users who aren't
developers.
TCX is a system designed for the transparent decompression, execution
and recompression of executables under Unix. It allows configuration
options such as the type of compression system used (compress(1),
gzip(1), your own local system etc), timeouts between recompressions,
and emergency directories in case a decompression fails from shortage
of disk space. The system is designed with a reasonable amount of
robustness in mind, such as in the event of system crashes, or races
on trying to uncompress, compress or execute something.
This software is quite old (vintage 1993-94), and some things have moved
on since then. In particular, untcx is setuid root. I have done a minor
security audit, but anyone installing this software is invited to conduct
one for themselves.
===========================================================================
$NetBSD: MESSAGE,v 1.2 2002/09/12 19:37:07 wiz Exp $
WARNING - this package contains a setuid root executable called
untcx, which was written in 1994, and contained calls to getwd(3),
sprintf(3), strcpy(3) and strcat(3). I've done a minor audit of
the code, and have fixed the above functions with calls to safer
alternatives, but you may wish to delete this package from your
own systems until you have carried out your own audit.
===========================================================================
