Archives
Archives
| From: | Jan Krueger <jk@×××××××××××.net> | ||
|---|---|---|---|
| To: | azarah@g.o | ||
| Cc: | Gentoo-Dev <gentoo-dev@g.o>, Thomas de Grenier de Latour <degrenier@×××××××××××.fr> | ||
| Subject: | Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection | ||
| Date: | Sun, 07 Sep 2003 19:38:24 | ||
| Message-Id: | 200309072143.47126.jk@microgalaxy.net | ||
| In Reply to: | Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection by Martin Schlemmer |
||
| 1 | On Sunday 07 September 2003 19:20, Martin Schlemmer wrote: |
| 2 | > So how are any of these going to help if you do not trust us or any |
| 3 | > other developers/upstream_authors, encryption, etc, etc. I mean, |
| 4 | > this *IS* what this whole issue is about, no ? |
| 5 | No. I trust you. But trusting you doesnt mean that the ebuild you checked in |
| 6 | to the tree arrives at my hardrive unmodified. There is no way for you as a |
| 7 | human beeing to garantee this to me. Instead it should be expected that the |
| 8 | ebuild gets modified (by faulty software/hardware/network/whatever or by a |
| 9 | malicious attacker). So this must be taken care of. |
| 10 | |
| 11 | With Manifest and digest portage very much points in the right direction, but |
| 12 | this is not enough, from my point of view. |
| 13 | |
| 14 | Jan |
| 15 | |
| 16 | |
| 17 | -- |
| 18 | gentoo-dev@g.o mailing list |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] suggestion rsync over ssl/ssh | Jan Krueger <jk@×××××××××××.net> |
| Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection | Jon Portnoy <avenj@g.o> |
| Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection | Chris Bainbridge <C.J.Bainbridge@×××××.uk> |