On Wed, 2006-01-11 at 00:03 -0700, Duncan wrote:
> Remember, portage already has a decent amount of signed content
> verification builtin, and is getting more. Just because it's not
> currently used, as the debate on strength and keyring handling hasn't been
> settled, doesn't mean the capacity doesn't exist.

One other advantage with this is we will be starting from a known
portage version. This allows us to not have to worry about backwards
compatibility. Want Manifest2 (and no Manifest/digests)? So long as
the version of portage supports it, we can switch to it completely on
these trees.

> At this point it should be possible to develop a working enterprise
> security model along with the enterprise proposal and tree. Spec it out,
> put the keys in a special dir on a read-only mounted partition, and it'll
> be pretty hard to fake it on the fly, at least.

Again, please don't consider my tree proposal as anything "enterprise",
at all. While it can be used as a *basis* for enterprise work, it does
not need to be relegated to any specific usage. It is simply a release
tree, with frozen package versions.

--
Chris Gianelloni
Release Engineering - Strategic Lead
x86 Architecture Team
Games - Developer
Gentoo Linux