| 1 |
On Sat, 6 Nov 2004 23:06:57 +0100, Ioannis Aslanidis |
| 2 |
<aslanidis@×××××.com> wrote: |
| 3 |
> Then perhaps it's time to have a simple mirror that only servers |
| 4 |
> portage MD5s, for example :) |
| 5 |
|
| 6 |
Given that MD5 collisions can be generated in 15 seconds maybe we |
| 7 |
should use something more secure? And I agree with the original post, |
| 8 |
using hardened builds is almost pointless when there is still no |
| 9 |
secure architecture for distributing the portage tree. |
| 10 |
|
| 11 |
What is the timetable for |
| 12 |
a) getting rid of MD5? |
| 13 |
b) enforcing signed updates (ebuilds, eclasses, everything) to the tree? |
| 14 |
|
| 15 |
-- |
| 16 |
gentoo-dev@g.o mailing list |
Archives