Contributed by jose on from the md5-sha1-rmd160 dept.
As discussed in the Ports FAQ , one of the things the ports tree does is use cryptographic checksums to ensure that the right distfile has been fetched and its not corrupted, either by accident or by someone's malicious actions. This backdooring has been going on frequently in the past month or two and in each case the ports tree checksum mechanism has caught it. So, dont disregard these errors and don't run make NO_CHECKSUM=yes , which simply ignores this mismatch. Instead, you should run make checksum REFETCH=true which will fetch the distfile, known to be trusted, from the OpenBSD FTP mirrors. Use the built in integrity checking mechanisms when dealing with untrusted sources of software!
(Comments are closed)