From: | Matthias Geerdsen <vorlon@g.o> | ||
---|---|---|---|
To: | gentoo-security@l.g.o | ||
Subject: | Re: [gentoo-security] Portage rsync security | ||
Date: | Thu, 20 Mar 2008 13:48:05 | ||
Message-Id: | 47E26ACD.1060903@gentoo.org | ||
In Reply to: | Re: [gentoo-security] Portage rsync security by Robert Buchholz |
1 | Robert Buchholz wrote on 03/20/2008 02:07 PM: |
2 | |
3 | > (CVS, core gentoo infra) and then check it on the user side. If you |
4 | > want to do this right now, you can change your tree syncing to manually |
5 | > download the gpg-signed portage-latest.tar.bz2 tree snapshots from your |
6 | > local distfiles mirror and check them. |
7 | |
8 | emerge-webrsync can do the downloading for you. The current version in |
9 | svn [1] should also be able to handle the verification, just note that |
10 | the key id changed to 239C75C4 [2]. |
11 | |
12 | Regards, |
13 | Matthias |
14 | |
15 | [1] |
16 | <http://sources.gentoo.org/viewcvs.py/portage/main/trunk/bin/emerge-webrsync?view=markup> |
17 | [2] <http://bugs.gentoo.org/show_bug.cgi?id=130039> |
18 | |
19 | -- |
20 | Matthias Geerdsen (vorlon) |
21 | |
22 | Gentoo Linux Security Team |
23 | http://security.gentoo.org |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |