Gentoo Linux -- List Archive: gentoo-security

Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647

List Archive: gentoo-security

Navigation:

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >

Headers:

To:	gentoo-security@g.o
From:	Matthias Geerdsen <vorlon@g.o>
Subject:	Re: Portage rsync security
Date:	Thu, 20 Mar 2008 14:46:53 +0100

Robert Buchholz wrote on 03/20/2008 02:07 PM:

> (CVS, core gentoo infra) and then check it on the user side. If you 
> want to do this right now, you can change your tree syncing to manually 
> download the gpg-signed portage-latest.tar.bz2 tree snapshots from your 
> local distfiles mirror and check them.

emerge-webrsync can do the downloading for you. The current version in 
svn [1] should also be able to handle the verification, just note that 
the key id changed to 239C75C4 [2].

Regards,
Matthias

[1] 
<http://sources.gentoo.org/viewcvs.py/portage/main/trunk/bin/emerge-webrsync?view=markup>
[2] <http://bugs.gentoo.org/show_bug.cgi?id=130039>

-- 
Matthias Geerdsen (vorlon)

Gentoo Linux Security Team
http://security.gentoo.org

Attachment:

signature.asc (OpenPGP digital signature)

References:

Portage rsync security
-- Florian Philipp

Re: Portage rsync security
-- Robert Buchholz

Navigation:

Lists: gentoo-security: < Prev By Thread Next > < Prev By Date Next >

Previous by thread:

Re: Portage rsync security

Next by thread:

gpg keys; GSWoT & PGP Global Directory Key

Previous by date:

Re: Portage rsync security

Next by date:

gpg keys; GSWoT & PGP Global Directory Key

Updated Jun 17, 2009

Summary: Archive of the gentoo-security mailing list.

Donate to support our development efforts.