| 1 |
The recent discussion on how to protect the portage tree from |
| 2 |
man-in-the-middle attacks has concentrated on signing either the portage |
| 3 |
tarball or the individual files in the tree. |
| 4 |
|
| 5 |
What about approaching the problem the way OpenBSD deals with its ports, |
| 6 |
that is with cvs over an ssh tunnel to authorized mirrors. The only |
| 7 |
drawback I see is that many gentoo users use rsync, but the cvs approach |
| 8 |
could be added on top of what already exists and security conscious users |
| 9 |
will then have the option of switching. |
| 10 |
|
| 11 |
------------------------------------------------------------------- |
| 12 |
|
| 13 |
Anthony G. Basile, Ph.D. |
| 14 |
Director of Information Technology, |
| 15 |
D'Youville College, |
| 16 |
320 Porter Ave. |
| 17 |
Buffalo NY, 14201 |
| 18 |
|
| 19 |
Work: (716) 829-8197 (voicemail) |
| 20 |
|
| 21 |
|
| 22 |
-- |
| 23 |
gentoo-security@g.o mailing list |
Archives