Gentoo Archives: gentoo-security

From: Matthias Geerdsen <vorlon@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Portage rsync security
Date: Thu, 20 Mar 2008 13:48:05
Message-Id: 47E26ACD.1060903@gentoo.org
In Reply to: Re: [gentoo-security] Portage rsync security by Robert Buchholz
Robert Buchholz wrote on 03/20/2008 02:07 PM:

> (CVS, core gentoo infra) and then check it on the user side. If you > want to do this right now, you can change your tree syncing to manually > download the gpg-signed portage-latest.tar.bz2 tree snapshots from your > local distfiles mirror and check them.
emerge-webrsync can do the downloading for you. The current version in svn [1] should also be able to handle the verification, just note that the key id changed to 239C75C4 [2]. Regards, Matthias [1] <http://sources.gentoo.org/viewcvs.py/portage/main/trunk/bin/emerge-webrsync?view=markup> [2] <http://bugs.gentoo.org/show_bug.cgi?id=130039> -- Matthias Geerdsen (vorlon) Gentoo Linux Security Team http://security.gentoo.org

Attachments

File name MIME type
signature.asc application/pgp-signature