12.17. Rerolling Distfiles

Sometimes the authors of software change the content of released distfiles without changing the file's name. Verify that the changes are official and have been performed by the author. It has happened in the past that the distfile was silently altered on the download servers with the intent to cause harm or compromise end user security.

Put the old distfile aside, download the new one, unpack both, and compare their contents with diff(1). If there is nothing suspicious, update distinfo. Be sure to summarize the differences in the PR or commit log, so that other people know that nothing bad has happened.

Contact the authors of the software and confirm the changes with them.
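The comparison step described above can be scripted as follows. This is an added example, not part of the original handbook text; the function names `compare_distfiles` and `make_sample` and the `foo-1.0` archives are hypothetical, and the sample tarballs are constructed so the script runs offline.

```shell
#!/bin/sh
# Added example: unpack an old and a rerolled distfile and diff the trees.
# compare_distfiles OLD NEW
#   prints a unified diff; returns 0 if the contents are identical,
#   1 if they differ, 2 if an archive could not be unpacked.
compare_distfiles() {
    work=$(mktemp -d) || return 2
    mkdir "$work/old" "$work/new"
    # Unpack each archive into its own directory so the trees sit side by side.
    if ! tar -xf "$1" -C "$work/old" || ! tar -xf "$2" -C "$work/new"; then
        rm -rf "$work"; return 2
    fi
    # -r recurse, -u unified output, -N treat missing files as empty so that
    # added or removed files are shown in full instead of as a one-line notice.
    (cd "$work" && diff -ruN old new)
    cmp_rc=$?
    rm -rf "$work"
    return "$cmp_rc"
}

# Constructed sample: two archives of the same release, the second with one
# file changed, standing in for the saved distfile and the rerolled download.
make_sample() {
    mkdir -p "$1/a/foo-1.0" "$1/b/foo-1.0"
    printf 'foo 1.0\n' > "$1/a/foo-1.0/README"
    printf 'foo 1.0 rerolled\n' > "$1/b/foo-1.0/README"
    tar -czf "$1/foo-1.0.tar.gz.old" -C "$1/a" foo-1.0
    tar -czf "$1/foo-1.0.tar.gz" -C "$1/b" foo-1.0
}

demo=$(mktemp -d)
make_sample "$demo"
if compare_distfiles "$demo/foo-1.0.tar.gz.old" "$demo/foo-1.0.tar.gz"; then
    echo "contents identical"
else
    echo "contents differ: review the diff above before updating distinfo"
fi
rm -rf "$demo"
```

diff(1) compares file contents only, so a change in file mode or ownership between the two archives does not appear in this output.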

