| 1 |
I shouldn't have mentioned that old issue. Apologies... Back to the |
| 2 |
topic at hand. |
| 3 |
|
| 4 |
What is the current status of gpg signatures? Is gpg signing |
| 5 |
documented anywhere? |
| 6 |
|
| 7 |
Can all files be signed, or just ebuilds and eclasses? |
| 8 |
|
| 9 |
When will signing be enforced? |
| 10 |
|
| 11 |
Is it possible to reject non-signed ebuilds by default in emerge? |
| 12 |
Should users start filing bugs for packages that aren't signed to get |
| 13 |
them signed? |
| 14 |
|
| 15 |
When can we stop using MD5? How far along is support for SHA? |
| 16 |
|
| 17 |
Someone mentioned that nobody cares because nobody has stepped up to |
| 18 |
do it. What still needs to be done? I'm sure that people do care. How |
| 19 |
can we help? |
| 20 |
|
| 21 |
Hopefully we can find some positive solutions to get these things |
| 22 |
fixed and make a more secure gentoo. |
| 23 |
|
| 24 |
-- |
| 25 |
gentoo-dev@g.o mailing list |
Archives