1 |
On Sunday 07 September 2003 19:56, Jon Portnoy wrote: |
2 |
> The vulnerability at that point is compromised keys, which is why we |
3 |
> would have an uberkey so we can revoke developer keys as soon as |
4 |
> possible. It's not foolproof, but it's a whole lot better. |
5 |
I agree. |
6 |
But thats no excuse to not fix the security/consitency faults in portage that |
7 |
showed up in this discussion. |
8 |
|
9 |
You never know ... |
10 |
|
11 |
It may already be to late for thousends of users until someone of gentoo-core |
12 |
uses the ueberkey, especially in holiday seasons. |
13 |
|
14 |
Or has core, especially in key questions, an availablity of 24/7? |
15 |
|
16 |
> There is no such thing as perfect security short of shutting down your |
17 |
> computer. |
18 |
Yes, you never know... |
19 |
Thats why i would prefer a secure transport layer for emerge, you know? |
20 |
|
21 |
Jan |
22 |
|
23 |
|
24 |
-- |
25 |
gentoo-dev@g.o mailing list |