| 1 |
On Mon, Nov 08, 2004 at 10:19:27AM +0100 or thereabouts, Tobias Klausmann wrote: |
| 2 |
> > cat /usr/portage/sys-apps/portage/Manifest |
| 3 |
> |
| 4 |
> This does not contain a GPG signature here. Of all packages... |
| 5 |
|
| 6 |
It did when I typed that message last night. Someone must have committed a |
| 7 |
new version of portage without signing things. I agree, portage should be |
| 8 |
signed. It's still a new process for us, so it will take time to get to |
| 9 |
100%. |
| 10 |
|
| 11 |
> I've run a script across the entire tree, collecting 43 different |
| 12 |
> signature keys IDs from Manifest files in all (from a total of |
| 13 |
> 2074 signed Manifest files, making up about 1/4). Of those keys, |
| 14 |
> 16 were unavailable on the Subkeys Public Key Network (listed |
| 15 |
> below). Where can I get those? |
| 16 |
|
| 17 |
Good question -- I don't know. They should be available on pgp.mit.edu, |
| 18 |
but if they're not, then I'd suggest start filing bugs against those |
| 19 |
individual packages. (NOT portage bugs) |
| 20 |
|
| 21 |
--kurt |
Archives