As the founder of Gentoo's new security project gentoo-hardened I really feel that I must say something here.
I happen to disagree with Kurt's line of reasoning here, I have personally been bugging
everyone around for an ebuild signing system for months, and it's been spoken about
for over 6 months. Many people have talked about this, the pros and cons, and those
of us who have any security needs have pressured the people involved.

For my hardened project to actually have an effect, ebuild signing is mandatory, and the
sooner the better, before or after 1.4.

Having said that, it's about time someone took a stand and posted proof that bad things
will happen if ebuild signing doesn't happen. This is exactly the kind of pressure
people respond to and maybe something will actually get done about it now.

The person who posted this is well within his right, and this is how open source
projects often are driven to 'be better'. There has been work on ebuild signing
from several people at some point, but the few people who don't like the idea
have spent a lot of time discouraging people. This is not acceptable IMO, and
I would like to remind everyone involved that it is a very small minority that
wants this project blocked. I believe the sentiment among the other devs
and especially users is that this _must_ go forward.

Thank you, please don't flame on this thread anymore, everything has been
said that needs to be said, if you feel the need to flame come to IRC and talk
to me and others in person.

Joshua Brindle

>>> Kurt Lieber <klieber@g.o> 03/20/03 12:09PM >>>
On Thu, Mar 20, 2003 at 10:02:51AM -0800 or thereabouts, tfandango wrote:
> about it. Here's a guy who is concerned about the
> security of the Gentoo portage system and posts a
> question in the security mailing list about it.

Asking questions and posting proof-of-concept trojans *without* first
asking questions are two different things entirely.

--kurt

--
gentoo-hardened@g.o mailing list