1 |
On Thursday 25 March 2004 14:38, Jesse Nelson wrote: |
2 |
> |
3 |
> well if you move key verification into (or in addition to) the build |
4 |
> process and make it aware of key servers. Invalidate a key on the |
5 |
> keyserver and portage can refuse to build anything signed by DevX(or key X) |
6 |
> or under pauls proposal a whole tree could be deemed untrusted. |
7 |
> |
8 |
> just by allowing a check on emerge to verify your local keyring is still |
9 |
> fresh etc. this doesn't require a new tree, and would work for ppl that are |
10 |
> periodically online etc. Keyring maintenance would have to be a tool |
11 |
> outside of portage altogether tho. |
12 |
|
13 |
Yup but you can't invalidate a key on the keyserver in the case of a rogue |
14 |
developer. If you're online, why not update the portage tree, get all the new |
15 |
security updates etc. and the ACLs in one go? Putting the allowed keys and |
16 |
access lists into the portage tree makes the most sense to me. Otherwise |
17 |
you're going to have to synchronise them anyway! |
18 |
|
19 |
> <rant> |
20 |
> I would love to see it so that if ppl who are running prod servers want to |
21 |
> verify against 3 public sources all sigs they could and its all built in. |
22 |
> this would outpace every other oss distro out there in terms of package |
23 |
> security. If they only want packages that have had a few devs look @ them |
24 |
> they can set that as well. If joe-user doesnt give a dam he can turn all |
25 |
> paranoia checks off. It's keeping with the "gentoo way" IMHO. </rant> |
26 |
|
27 |
I couldn't agree more. |
28 |
|
29 |
-- |
30 |
gentoo-dev@g.o mailing list |