| 1 |
For those who have expressed an interest in signed snapshots, here's an |
| 2 |
update. |
| 3 |
|
| 4 |
CURRENT STATUS |
| 5 |
============== |
| 6 |
|
| 7 |
The 2004.3 release stuff got me a bit side-tracked, but as of tomorrow, we |
| 8 |
should have the first officially signed snapshot available on our mirrors. |
| 9 |
For reference, the main mirror is here: |
| 10 |
|
| 11 |
http://gentoo.osuosl.org/snapshots/ |
| 12 |
|
| 13 |
So if the files are there, then all is working correctly. |
| 14 |
|
| 15 |
The GPG key ID is: D8BA32AA |
| 16 |
|
| 17 |
The fingerprint is: 8861 8228 9048 D40B 3C3B ADDA 6DC2 26AA D8BA 32AA |
| 18 |
|
| 19 |
It is currently available on (at least) pgp.mit.edu and keyserver.net. I |
| 20 |
haven't figured out a good place to post it on the web site, so I'm open to |
| 21 |
suggestions. |
| 22 |
|
| 23 |
NEXT STEPS |
| 24 |
========== |
| 25 |
|
| 26 |
Make sure the signatures are working as expected and that they don't cause |
| 27 |
any other unforseen problems. |
| 28 |
|
| 29 |
NEEDS TO BE DONE |
| 30 |
================ |
| 31 |
|
| 32 |
So far, nobody has written a patch that will modify emerge-webrsync to |
| 33 |
check these signatures. For now, you will have to check things manually. |
| 34 |
If/when someone does submit a patch, I will pass it along to the |
| 35 |
emerge-webrsync maintainer. There is also a chance that one of the devs |
| 36 |
will make the changes as well, but no commitments have been made. |
| 37 |
|
| 38 |
|
| 39 |
--kurt |
Archives