begin quote
On Wed, 24 Mar 2004 21:07:08 +0000
Chris Bainbridge <c.j.bainbridge@×××××.uk> wrote:

> On Wednesday 24 March 2004 14:52, Paul de Vrieze wrote:
> > It also more than quadruples the efforts needed for actually committing a
> > change to an ebuild. As a start we can better have single signing than
> > spending months on reorganization and devising a way to have practical
> > multiple signing.
> >
> > The problem is that signing can be done today. Multiple signing will need
> > probably at least a half year.
>
> You are making this way more complicated than it needs to be:
>
> 1. add a subdirectory (say .secure) to each directory in /usr/portage.
> In this store a file containing a SHA hash for all files in the
> parent dir (the files and directory file names; this could be done
> using a pipe through tar):

erm. Isn't the Manifest file in each directory good enough?
Manifest.gpg can be generated at Manifest creation time, committed to cvs
and so on.. The issue isn't there, the issue is the key validation.

The issue we fear isn't one where the ACLs are blocked. It's how do we
protect each key? How do we mark a key as "good" and not, how do we
have infrastructure to do this? What about a master signing key? How do
we do that and make sure that doesn't go boom?

the detail of what file to sign was solved ages ago ;)

//Spider

--
begin .signature
Tortured users / Laughing in pain
See Microsoft KB Article Q265230 for more information.
end