| 1 |
Kurt Lieber writes: |
| 2 |
|
| 3 |
> The original fix suggested won't work for a number of |
| 4 |
> reasons that I'm not going to bother to re-hash here. |
| 5 |
|
| 6 |
I'd like to fill that little blank in. |
| 7 |
|
| 8 |
The reason why 99.9% of the Gentoo users can't authenticate |
| 9 |
any of the software they use is that some high-profile |
| 10 |
Gentoo system administrator is too dumb to realize that ... |
| 11 |
|
| 12 |
(1) you don't need to generate hashes for any of the files |
| 13 |
that are covered by the manifests, because -- surprise |
| 14 |
-- the manifests do contain their hashes already. |
| 15 |
|
| 16 |
(2) you don't need to regenerate a hash when the file |
| 17 |
hasn't changed since the last time you generated one. |
| 18 |
|
| 19 |
(3) adding a single command to CVSROOT/commitinfo would |
| 20 |
generate a hash for every file the moment a change was |
| 21 |
committed so that there was absolutely no timing |
| 22 |
problem and almost no increase in load on the server. |
| 23 |
|
| 24 |
|
| 25 |
> Quite frankly, a lot of the users out there are leeches |
| 26 |
> who don't provide anything back to the Gentoo community, |
| 27 |
> but consume our software nonetheless. |
| 28 |
|
| 29 |
Since this comment is obviously directed at me, I suggest |
| 30 |
you grep your unauthenticated Portage database for my name, |
| 31 |
dumb-ass. Quite frankly, not everybody is as hung up on what |
| 32 |
he all does for Gentoo and mentions it at every second |
| 33 |
opportunity. |
| 34 |
|
| 35 |
|
| 36 |
> P.S. I do not want anyone to think that this solution is |
| 37 |
> being implemented because of the bitching and screaming |
| 38 |
> that occurred. |
| 39 |
|
| 40 |
No. It is implemented because I did it. |
| 41 |
|
| 42 |
|
| 43 |
I apologize for flaming on the list, but after being lied |
| 44 |
to, being called an asshole, being called a jackass, being |
| 45 |
called a public stink, being told to fuck off, and all that |
| 46 |
because I dare request that someone simply stops standing in |
| 47 |
the way when others are trying to increase the security of |
| 48 |
Gentoo's users -- and that on the SECURITY mailing list, for |
| 49 |
crying out loud --, I really don't feel there is any need to |
| 50 |
be polite anymore. |
| 51 |
|
| 52 |
And please don't misunderstand me. There are people who |
| 53 |
deserved it a LOT more to be flamed than Kurt. Definitely. |
| 54 |
But some of those guys are *so* dumb that it's really not |
| 55 |
worth it. |
| 56 |
|
| 57 |
And now I'll do what some real tough security experts here |
| 58 |
wanted all along. I'll cease posting. |
| 59 |
|
| 60 |
Until next time. |
| 61 |
|
| 62 |
Peter |
| 63 |
|
| 64 |
|
| 65 |
-- |
| 66 |
gentoo-security@g.o mailing list |
Archives