| 1 |
On Tue, Apr 4, 2017 at 12:03 PM, Andreas K. Huettel |
| 2 |
<dilfridge@g.o> wrote: |
| 3 |
>> while we're discussing super-strength hash algos, it would be cool to know |
| 4 |
>> what's still missing for |
| 5 |
>> * rsync-side manifest signing in whatever way |
| 6 |
>> * verification of such signatures in portage / emerge |
| 7 |
>> |
| 8 |
> |
| 9 |
> (and just to put it in a reference frame, I'm these days reading mailing list |
| 10 |
> discussions how cryptographic signing of our rsync tree is urgently needed... |
| 11 |
> ... in the council agenda threads |
| 12 |
> ... of the very first council |
| 13 |
> ... i.e., 2005 |
| 14 |
> ... i.e., roughly 12 years ago.) |
| 15 |
|
| 16 |
Was thinking exactly the same thing yesterday. How do we make it |
| 17 |
happen? Do we have any ideas on feasible paths forward? |
| 18 |
|
| 19 |
Cheers, |
| 20 |
|
| 21 |
Dirkjan |
Archives