Poisoned Savannah Mirror List
Christopher Chavez
chrischavez at gmx.us
Tue Aug 4 23:05:48 UTC 2020
On 8/4/2020 5:21 PM, Fred Wright wrote:
> I don't know how "babyname.tips" got into the mirror list, since the
> name suggests that it's completely inappropriate, but it seems to have
> been there for almost three years, due to commit 49ffee556c1a. Perhaps
> that's been benign until recently, but now viewing that directory gives:
From looking online briefly, others too had doubts over the name of
this host (perhaps because it was for behind-the-scenes purposes, the
domain owner wanted something with potential resale value or
humor/memorability; there is no single agreed-upon definition of
professionalism in open source). But it appears to have once been a
legitimate mirror for open source projects, based in Germany and started
in early/mid 2017, but was defunct by late 2017/early 2018. Mirrors come
and go, although this one appears rather short-lived. I'm not aware of
any malice, and I would keep in mind the safeguards of MacPorts'
checksums (ports can also use PGP verification) and own distfile mirrors.
I have opened a pull request to remove the host:
https://github.com/macports/macports-ports/pull/7965
Christopher A. Chavez
More information about the macports-dev
mailing list