From: | Paul de Vrieze <pauldv@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] 2004.1 will not include a secure portage. | ||
Date: | Fri, 26 Mar 2004 08:31:29 | ||
Message-Id: | 200403260931.23622.pauldv@gentoo.org | ||
In Reply to: | Re: [gentoo-dev] 2004.1 will not include a secure portage. by Jesse Nelson |
1 | On Friday 26 March 2004 00:40, Jesse Nelson wrote: |
2 | > |
3 | > if an attacker can mod the acl list of keys he can add his and his buildts |
4 | > etc. you need external verification outside of just the mirror your syncing |
5 | > on. |
6 | |
7 | Outside verification only goes so far. It is not really secure, you need to be |
8 | able to verify that you don't get a stale version. |
9 | |
10 | Paul |
11 | |
12 | -- |
13 | Paul de Vrieze |
14 | Gentoo Developer |
15 | Mail: pauldv@g.o |
16 | Homepage: http://www.devrieze.net |