From: | Matthias Maier <tamiko@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Subject: | Re: [gentoo-dev] Infra plans regarding $Id$ - official answer... | ||
Date: | Fri, 14 Aug 2015 14:34:16 | ||
Message-Id: | 87pp2q548x.fsf@jackdaw.kyomu.43-1.org | ||
In Reply to: | Re: [gentoo-dev] Infra plans regarding $Id$ - official answer... by Kristian Fiskerstrand |
1 | > They will be OpenPGP signed by a releng key during thickening and |
2 | > portage will auto-verify it using gkeys once things are in place. As |
3 | > such checksum for ebuilds and other files certainly needs to be part |
4 | > of the manifest, otherwise it can open up for malicious alterations of |
5 | > these files. |
6 | |
7 | And we switch portage in the near future to enforce signature checking |
8 | on rsync'ed repositories? (e.g. controlled via repos.d/*) :-) |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |