Marcus MERIGHI <[email protected]> wrote:
> Hello,
>
> according to https://lwn.net/Articles/762264/
> bzip.org is for sale and should not be trusted.
>
> The port currently has:
>
> HOMEPAGE= http://www.bzip.org/
> MASTER_SITES= ${HOMEPAGE}${VERSION}/
>
> The article above does not speak of a new home of bzip2.

That's why the ports tree checks hashes and such:

SHA256 (bzip2-1.0.6.tar.gz) = ooSPNPzV1s9H3vAEYfy1KKBITY7e+CCNbS4pCdxh2c0=
SIZE (bzip2-1.0.6.tar.gz) = 782025

If the new owners have the technology to violate those two trusts,
they'll be going after some more significant targets first...

However whenever this port gets updated to a new hash, that is when
someone has to ensure things look legit.

Of course, the non-trust case of files falling off the net is a
different conversation..
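
Added example, not part of the original message and not the ports tree's own code: a Python version of the check described above, parsing distinfo-style lines (base64 SHA256 plus SIZE) and rejecting a distfile that is unlisted or mismatches either value. The function names and the sample file are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

# Line format shown in the message: "SHA256 (file) = <base64>", "SIZE (file) = <bytes>"
_LINE = re.compile(r"^(SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {filename: {"SHA256": digest bytes, "SIZE": int}} from distinfo text."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _LINE.match(line)
        if m is None:
            raise ValueError(f"unrecognised distinfo line: {line!r}")
        kind, name, value = m.group(1), m.group("name"), m.group("value")
        entry = entries.setdefault(name, {})
        if kind == "SIZE":
            entry["SIZE"] = int(value)
        else:
            digest = base64.b64decode(value, validate=True)
            if len(digest) != hashlib.sha256().digest_size:
                raise ValueError(f"bad SHA256 length for {name}")
            entry["SHA256"] = digest
    return entries


def verify_distfile(name, data, distinfo):
    """Check fetched bytes against the recorded size and hash; return (ok, reason)."""
    entry = distinfo.get(name)
    if entry is None or "SHA256" not in entry or "SIZE" not in entry:
        return False, "no complete distinfo entry"  # unlisted files are never trusted
    if len(data) != entry["SIZE"]:
        return False, "size mismatch"
    actual = hashlib.sha256(data).digest()
    if not hmac.compare_digest(actual, entry["SHA256"]):
        return False, "checksum mismatch"
    return True, "ok"


# Constructed sample: stand-in bytes, not the real bzip2 tarball.
SAMPLE_NAME = "example-1.0.tar.gz"
SAMPLE_DATA = b"constructed distfile contents\n"
SAMPLE_B64 = base64.b64encode(hashlib.sha256(SAMPLE_DATA).digest()).decode()
SAMPLE_DISTINFO = f"SHA256 ({SAMPLE_NAME}) = {SAMPLE_B64}\nSIZE ({SAMPLE_NAME}) = {len(SAMPLE_DATA)}\n"
```

The recorded values only help if the distinfo itself comes from a trusted channel, which is why the moment the port is updated to a new hash is the point that needs a human check.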
