List Archive: gentoo-security
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
Am I right that there is currently no way portage tries to verify that
the rsync-mirror is not spoofed?
Doesn't that pose a major threat? If I were able to manipulate the
domain name resolution, I could easily trick gentooers into making false
updates and thus executing a malicious program with root-permission on
So, why isn't there some kind of public key authentication going on, at
By the way: How does gentoo's gpg-feature work. The man-page doesn't
contain an explanation.
signature.asc (This is a digitally signed message part)