1 |
Kurt Lieber writes: |
2 |
|
3 |
> The original fix suggested won't work for a number of |
4 |
> reasons that I'm not going to bother to re-hash here. |
5 |
|
6 |
I'd like to fill that little blank in. |
7 |
|
8 |
The reason why 99.9% of the Gentoo users can't authenticate |
9 |
any of the software they use is that some high-profile |
10 |
Gentoo system administrator is too dumb to realize that ... |
11 |
|
12 |
(1) you don't need to generate hashes for any of the files |
13 |
that are covered by the manifests, because -- surprise |
14 |
-- the manifests do contain their hashes already. |
15 |
|
16 |
(2) you don't need to regenerate a hash when the file |
17 |
hasn't changed since the last time you generated one. |
18 |
|
19 |
(3) adding a single command to CVSROOT/commitinfo would |
20 |
generate a hash for every file the moment a change was |
21 |
committed so that there was absolutely no timing |
22 |
problem and almost no increase in load on the server. |
23 |
|
24 |
|
25 |
> Quite frankly, a lot of the users out there are leeches |
26 |
> who don't provide anything back to the Gentoo community, |
27 |
> but consume our software nonetheless. |
28 |
|
29 |
Since this comment is obviously directed at me, I suggest |
30 |
you grep your unauthenticated Portage database for my name, |
31 |
dumb-ass. Quite frankly, not everybody is as hung up on what |
32 |
he all does for Gentoo and mentions it at every second |
33 |
opportunity. |
34 |
|
35 |
|
36 |
> P.S. I do not want anyone to think that this solution is |
37 |
> being implemented because of the bitching and screaming |
38 |
> that occurred. |
39 |
|
40 |
No. It is implemented because I did it. |
41 |
|
42 |
|
43 |
I apologize for flaming on the list, but after being lied |
44 |
to, being called an asshole, being called a jackass, being |
45 |
called a public stink, being told to fuck off, and all that |
46 |
because I dare request that someone simply stops standing in |
47 |
the way when others are trying to increase the security of |
48 |
Gentoo's users -- and that on the SECURITY mailing list, for |
49 |
crying out loud --, I really don't feel there is any need to |
50 |
be polite anymore. |
51 |
|
52 |
And please don't misunderstand me. There are people who |
53 |
deserved it a LOT more to be flamed than Kurt. Definitely. |
54 |
But some of those guys are *so* dumb that it's really not |
55 |
worth it. |
56 |
|
57 |
And now I'll do what some real tough security experts here |
58 |
wanted all along. I'll cease posting. |
59 |
|
60 |
Until next time. |
61 |
|
62 |
Peter |
63 |
|
64 |
|
65 |
-- |
66 |
gentoo-security@g.o mailing list |