From: | Jan Krueger <jk@×××××××××××.net> | ||
---|---|---|---|
To: | azarah@g.o | ||
Cc: | Gentoo-Dev <gentoo-dev@g.o>, Thomas de Grenier de Latour <degrenier@×××××××××××.fr> | ||
Subject: | Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection | ||
Date: | Sun, 07 Sep 2003 19:38:24 | ||
Message-Id: | 200309072143.47126.jk@microgalaxy.net | ||
In Reply to: | Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection by Martin Schlemmer |
1 | On Sunday 07 September 2003 19:20, Martin Schlemmer wrote: |
2 | > So how are any of these going to help if you do not trust us or any |
3 | > other developers/upstream_authors, encryption, etc, etc. I mean, |
4 | > this *IS* what this whole issue is about, no ? |
5 | No. I trust you. But trusting you doesnt mean that the ebuild you checked in |
6 | to the tree arrives at my hardrive unmodified. There is no way for you as a |
7 | human beeing to garantee this to me. Instead it should be expected that the |
8 | ebuild gets modified (by faulty software/hardware/network/whatever or by a |
9 | malicious attacker). So this must be taken care of. |
10 | |
11 | With Manifest and digest portage very much points in the right direction, but |
12 | this is not enough, from my point of view. |
13 | |
14 | Jan |
15 | |
16 | |
17 | -- |
18 | gentoo-dev@g.o mailing list |
Subject | Author |
---|---|
Re: [gentoo-dev] suggestion rsync over ssl/ssh | Jan Krueger <jk@×××××××××××.net> |
Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection | Jon Portnoy <avenj@g.o> |
Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection | Chris Bainbridge <C.J.Bainbridge@×××××.uk> |