| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
|
| 5 |
Thanks for all the great response. Kurt, i shall get myself subscribed to |
| 6 |
gentoo-dev again and hopefully do some gentoo contribs in future. Sorry for |
| 7 |
the disappearance that time but that's because i am not skillful enough..yet |
| 8 |
and now too. haha. ;p |
| 9 |
|
| 10 |
Cheers, |
| 11 |
Jasmine |
| 12 |
|
| 13 |
- -----Original Message----- |
| 14 |
From: Kurt Lieber [mailto:klieber@g.o] |
| 15 |
Sent: Tuesday, March 23, 2004 6:12 PM |
| 16 |
To: Koon |
| 17 |
Cc: Jasmine CHUA; gentoo-security@l.g.o |
| 18 |
Subject: Re: [gentoo-security] emerge sync |
| 19 |
|
| 20 |
|
| 21 |
On Tue, Mar 23, 2004 at 10:59:20AM +0100 or thereabouts, Koon wrote: |
| 22 |
> A rsync mirror compromise could definitely lead to a security problem. |
| 23 |
> |
| 24 |
> This is a known problem that is being worked on, and some kind of |
| 25 |
> digital signing check will be built into the ebuild release / rsync |
| 26 |
> process someday... |
| 27 |
|
| 28 |
For anyone subscribed to gentoo-dev, please see the message I just posted |
| 29 |
there which details the problem as well as our lack of effort to solve it. |
| 30 |
Hopefully, enough noise from the community will help give us a swift kick |
| 31 |
in the butt and a wakeup call. (hint: that means you folks) |
| 32 |
|
| 33 |
- --kurt |
| 34 |
|
| 35 |
-----BEGIN PGP SIGNATURE----- |
| 36 |
Version: PGP 7.0.1 |
| 37 |
|
| 38 |
iQA/AwUBQGATN/4wcdIw6CVjEQIM3ACfcimhKk8e53qIP2JrUPavET7ag6IAoMwh |
| 39 |
0C1pVuaDdAR/iNPNKtAz3qjz |
| 40 |
=Z7/M |
| 41 |
-----END PGP SIGNATURE----- |
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-security@g.o mailing list |
Archives