| 1 |
As the founder of gentoo's new security project gentoo-hardened i really feel that I must say something here |
| 2 |
I happen to disagree with Kurt's line of reasoning here, I have personally been bugging |
| 3 |
everyone around for an ebuild signing system for months, and it's been spoken about |
| 4 |
for over 6 months. Many people have talked about this, the pro's and con's, and those |
| 5 |
of us who have any security needs have pressured the people involved. |
| 6 |
|
| 7 |
For my hardened project to actually have an effect ebuild signing is mandatory, and the |
| 8 |
sooner the better, before or after 1.4. |
| 9 |
|
| 10 |
Having said that, it's about time someone took a stand and posted proof that bad things |
| 11 |
will happen if ebuild signing doesn't happen. This is exactly the kind of pressure |
| 12 |
people respond to and maybe something will actually get done about it now. |
| 13 |
|
| 14 |
The person who posted this is well within his right, and this is how opensource |
| 15 |
projects often are driven to 'be better'. There has been work on ebuild signing |
| 16 |
from several people at some point, but the few people who don't like the idea |
| 17 |
have spent a lot of time discouraging people. This is not acceptable IMO, and |
| 18 |
I would like to remind everyone involved that it is a very small minority that |
| 19 |
wants this project blocked. I believe the sentiment among the other devs |
| 20 |
and especially users is that this _must_ go forward. |
| 21 |
|
| 22 |
Thank you, please don't flame on this thread anymore, everything has been |
| 23 |
said that needs to be said, if you feel the need to flame come to irc and talk |
| 24 |
to me and others in person. |
| 25 |
|
| 26 |
|
| 27 |
|
| 28 |
|
| 29 |
Joshua Brindle |
| 30 |
|
| 31 |
>>> Kurt Lieber <klieber@g.o> 03/20/03 12:09PM >>> |
| 32 |
On Thu, Mar 20, 2003 at 10:02:51AM -0800 or thereabouts, tfandango wrote: |
| 33 |
> about it. Here's a guy who is concerned about the |
| 34 |
> security of the Gentoo portage system and posts a |
| 35 |
> question in the security mailing list about it. |
| 36 |
|
| 37 |
Asking questions and posting proof-of-concept trojans *without* first |
| 38 |
asking questions are two different things entirely. |
| 39 |
|
| 40 |
--kurt |
| 41 |
|
| 42 |
-- |
| 43 |
gentoo-hardened@g.o mailing list |
Archives