| 1 |
On Thu, Nov 11, 2004 at 09:56:52PM +0100, Paul de Vrieze wrote: |
| 2 |
> On Thursday 11 November 2004 19:49, Chris Frey wrote: |
| 3 |
> > In another post, you asked whether we expect the devs to drop everything to |
| 4 |
> > implement the checking in emerge sync. I certainly don't expect that. |
| 5 |
> > Once the signatures are available from the server, any user can use them |
| 6 |
> > and write their own code to do the checks. The signature is all we need. |
| 7 |
> |
| 8 |
> Unfortunately this is not true. There are a number of requirements for the |
| 9 |
> solution that is finally implemented. Most of the problems are |
| 10 |
> organizatorial, not technical: |
| 11 |
|
| 12 |
I realize these problems still need to be solved in the official solution, |
| 13 |
but that is not what I was referring to. |
| 14 |
|
| 15 |
In order to verify that the tree we download today is the one from the main |
| 16 |
gentoo server, all we need is the patch Peter posted. |
| 17 |
|
| 18 |
I'm eagerly awaiting the official solution too, but the current patch in |
| 19 |
question looks simple enough to be implemented in the interim. |
| 20 |
|
| 21 |
- Chris |
| 22 |
|
| 23 |
|
| 24 |
-- |
| 25 |
gentoo-security@g.o mailing list |
Archives