From: | Alexander Holler <holler@××××××××××.de> |
---|---|
To: | gentoo-dev@g.o |
Subject: | [gentoo-dev] Idea about signing ebuilds |
Date: | Thu, 06 Jun 2002 15:19:41 |
Message-Id: | 92340000.1023389790@krabat.ahsoftware |
1 | Hello, |
2 | |
3 | what do you think about signing the ebuilds and digests with gpg? |
4 | |
5 | That would make it harder for blackhats to introduce a worm or something |
6 | similiar (if they have got access to an rsync mirror). |
7 | |
8 | My idea is to automatically sign the released ebuilds (before mirroring |
9 | them) with a key of gentoo.org. |
10 | |
11 | Then emerge could check the sign and could discard wrong ebuilds or just |
12 | throws a warning (preferable customized with make.conf). |
13 | |
14 | Just my 2 cents. ;) |
15 | |
16 | |
17 | Alexander |
Subject | Author |
---|---|
Re: [gentoo-dev] Idea about signing ebuilds | Frank Tobin <ftobin@×××××××××××.org> |
Re: [gentoo-dev] Idea about signing ebuilds | Jean-Michel Smith <jsmith@××××.com> |
Re: [gentoo-dev] Idea about signing ebuilds | Jeremiah Mahler <jmahler@×××××××.net> |