Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-security
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-security@g.o
From: Matthias Geerdsen <vorlon@g.o>
Subject: Re: Portage rsync security
Date: Thu, 20 Mar 2008 14:46:53 +0100
Robert Buchholz wrote on 03/20/2008 02:07 PM:

> (CVS, core gentoo infra) and then check it on the user side. If you 
> want to do this right now, you can change your tree syncing to manually 
> download the gpg-signed portage-latest.tar.bz2 tree snapshots from your 
> local distfiles mirror and check them.

emerge-webrsync can do the downloading for you. The current version in 
svn [1] should also be able to handle the verification, just note that 
the key id changed to 239C75C4 [2].

Regards,
Matthias

[1] 
<http://sources.gentoo.org/viewcvs.py/portage/main/trunk/bin/emerge-webrsync?view=markup>
[2] <http://bugs.gentoo.org/show_bug.cgi?id=130039>

-- 
Matthias Geerdsen (vorlon)

Gentoo Linux Security Team
http://security.gentoo.org

Attachment:
signature.asc (OpenPGP digital signature)
References:
Portage rsync security
-- Florian Philipp
Re: Portage rsync security
-- Robert Buchholz
Navigation:
Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: Portage rsync security
Next by thread:
gpg keys; GSWoT & PGP Global Directory Key
Previous by date:
Re: Portage rsync security
Next by date:
gpg keys; GSWoT & PGP Global Directory Key


Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.