1 |
On Sat, 6 Nov 2004 23:06:57 +0100, Ioannis Aslanidis |
2 |
<aslanidis@×××××.com> wrote: |
3 |
> Then perhaps it's time to have a simple mirror that only servers |
4 |
> portage MD5s, for example :) |
5 |
|
6 |
Given that MD5 collisions can be generated in 15 seconds maybe we |
7 |
should use something more secure? And I agree with the original post, |
8 |
using hardened builds is almost pointless when there is still no |
9 |
secure architecture for distributing the portage tree. |
10 |
|
11 |
What is the timetable for |
12 |
a) getting rid of MD5? |
13 |
b) enforcing signed updates (ebuilds, eclasses, everything) to the tree? |
14 |
|
15 |
-- |
16 |
gentoo-dev@g.o mailing list |