1 |
On Tue, Apr 4, 2017 at 12:03 PM, Andreas K. Huettel |
2 |
<dilfridge@g.o> wrote: |
3 |
>> while we're discussing super-strength hash algos, it would be cool to know |
4 |
>> what's still missing for |
5 |
>> * rsync-side manifest signing in whatever way |
6 |
>> * verification of such signatures in portage / emerge |
7 |
>> |
8 |
> |
9 |
> (and just to put it in a reference frame, I'm these days reading mailing list |
10 |
> discussions how cryptographic signing of our rsync tree is urgently needed... |
11 |
> ... in the council agenda threads |
12 |
> ... of the very first council |
13 |
> ... i.e., 2005 |
14 |
> ... i.e., roughly 12 years ago.) |
15 |
|
16 |
Was thinking exactly the same thing yesterday. How do we make it |
17 |
happen? Do we have any ideas on feasible paths forward? |
18 |
|
19 |
Cheers, |
20 |
|
21 |
Dirkjan |