Gentoo Archives: gentoo-security

From:	Chris Frey <cdfrey@×××××××××.ca>
To:	gentoo-security@l.g.o
Subject:	[gentoo-security] Re: Re: Re: Is anybody else worried about this?
Date:	Sun, 07 Nov 2004 17:12:00
Message-Id:	`20041107121136.D9045@netdirect.ca`
In Reply to:	Re: [gentoo-security] Re: Re: Is anybody else worried about this? by Rui Covelo

1	On Sun, Nov 07, 2004 at 05:04:29PM +0000, Rui Covelo wrote:
2	> Adding to what Peter said, what about having the public and private key
3	> changed periodicaly (developers come and go, keys should come and go
4	> too) and have the portage download automaticaly the public key and
5	> revokation certificates when needed from a single server? Ex: www.gentoo.org
6
7	Yes, I agree this is the way to do it. Debian, for example, has an annual
8	repository signing key.
9
10	- Chris
11
12
13	--
14	gentoo-security@g.o mailing list