Ed Grimm writes:

 > Would the obvious fix not be to provide signed Manifest
 > files for the eclasses as well?

Yes, that would fix the problem. However, if you want to
make sure your tree is properly authenticated, you have to
authenticate _every single file_ in it. In a day and age
where people can hack your machine by setting appropriate
pixels in a GIF image, I wouldn't take any unnecessary
risks. Having dozens of signatures split over dozens of
directories is not a (human-)failure-resistant procedure,
IMHO.

I am also not quite certain yet how to bootstrap the system
securely. For example: Where does the properly authenticated
GPG ebuild come from?

Anyway, if all files are covered by the manifests, then it
would be secure.

Peter


--
gentoo-security@g.o mailing list
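
The coverage condition in the message above ("if all files are covered by the manifests") can be checked mechanically. This is an added example, not part of the original message and not Portage code. It assumes a simplified Manifest line format, `SHA256 <hex> <path>`, and that each Manifest's own signature is verified elsewhere; the function names and the sample tree are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

MANIFEST = "Manifest"  # assumed; simplified line format: "SHA256 <hex> <path>"


def digest(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()


def load_manifests(root):
    """Map every file listed in any Manifest under root to its recorded digest."""
    listed = {}
    for manifest in root.rglob(MANIFEST):
        for line in manifest.read_text().splitlines():
            parts = line.split(None, 2)
            if len(parts) == 3 and parts[0] == "SHA256":
                listed[manifest.parent / parts[2]] = parts[1]
    return listed


def audit_tree(root):
    """Return (uncovered, mismatched) lists of paths relative to root."""
    listed = load_manifests(root)
    uncovered, mismatched = [], []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.name == MANIFEST:
            continue  # assumed to be authenticated by its own signature
        if path not in listed:
            uncovered.append(path.relative_to(root).as_posix())
        elif digest(path) != listed[path]:
            mismatched.append(path.relative_to(root).as_posix())
    return uncovered, mismatched


def demo():
    """Constructed tree: a package with a Manifest, an eclass directory without."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ebuild = root / "app-misc" / "foo" / "foo-1.0.ebuild"
        eclass = root / "eclass" / "example.eclass"
        for path in (ebuild, eclass):
            path.parent.mkdir(parents=True)
            path.write_text("# constructed sample file\n")
        (ebuild.parent / MANIFEST).write_text(f"SHA256 {digest(ebuild)} foo-1.0.ebuild\n")
        before = audit_tree(root)
        ebuild.write_text("# changed after the Manifest was written\n")
        return before, audit_tree(root)
```

Calling `demo()` reports the eclass file as uncovered in both audits, and the ebuild as mismatched only after it is changed.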