Archives
Archives
| From: | Alexander Holler <holler@××××××××××.de> |
|---|---|
| To: | gentoo-dev@g.o |
| Subject: | [gentoo-dev] Idea about signing ebuilds |
| Date: | Thu, 06 Jun 2002 15:19:41 |
| Message-Id: | 92340000.1023389790@krabat.ahsoftware |
| 1 | Hello, |
| 2 | |
| 3 | what do you think about signing the ebuilds and digests with gpg? |
| 4 | |
| 5 | That would make it harder for blackhats to introduce a worm or something |
| 6 | similiar (if they have got access to an rsync mirror). |
| 7 | |
| 8 | My idea is to automatically sign the released ebuilds (before mirroring |
| 9 | them) with a key of gentoo.org. |
| 10 | |
| 11 | Then emerge could check the sign and could discard wrong ebuilds or just |
| 12 | throws a warning (preferable customized with make.conf). |
| 13 | |
| 14 | Just my 2 cents. ;) |
| 15 | |
| 16 | |
| 17 | Alexander |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] Idea about signing ebuilds | Frank Tobin <ftobin@×××××××××××.org> |
| Re: [gentoo-dev] Idea about signing ebuilds | Jean-Michel Smith <jsmith@××××.com> |
| Re: [gentoo-dev] Idea about signing ebuilds | Jeremiah Mahler <jmahler@×××××××.net> |