Gentoo Archives: gentoo-dev

From: Virgil Dupras <vdupras@g.o>
To: gentoo-dev@l.g.o
Subject: [gentoo-dev] New "Portage Security" wiki page
Date: Tue, 03 Jul 2018 00:34:28
1 Hi everyone,
3 With the recent Github incident, users have (rightfully) voiced concerns about the security of their Gentoo ebuild tree. Luckily, thanks to recent efforts on the repository verification feature, we can answer "yes, it's possible to update your ebuild tree in a convenient and secure manner", but documentation about how to do it is not readily available. I've seen some of these questions only partially answered due to our own lack of knowledge on this subject as developers.
5 To fix this, I've been working, in the last few days, on a new "Portage Security" wiki page [1] that aims to guide the user to a secure setup and dispel doubts about the security of their setup. I would invite you to start pointing users to it when they ask questions on this matter.
7 I'm not a very experienced developer and this has been written with the little knowledge I have, so I invite you to review and correct it if needed.
9 Regards,
10 Virgil Dupras
12 [1]:


Subject Author
Re: [gentoo-dev] New "Portage Security" wiki page Alice Ferrazzi <alicef@g.o>