Archives
Archives
| From: | Matthias Maier <tamiko@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Subject: | Re: [gentoo-dev] Infra plans regarding $Id$ - official answer... | ||
| Date: | Fri, 14 Aug 2015 14:34:16 | ||
| Message-Id: | 87pp2q548x.fsf@jackdaw.kyomu.43-1.org | ||
| In Reply to: | Re: [gentoo-dev] Infra plans regarding $Id$ - official answer... by Kristian Fiskerstrand |
||
| 1 | > They will be OpenPGP signed by a releng key during thickening and |
| 2 | > portage will auto-verify it using gkeys once things are in place. As |
| 3 | > such checksum for ebuilds and other files certainly needs to be part |
| 4 | > of the manifest, otherwise it can open up for malicious alterations of |
| 5 | > these files. |
| 6 | |
| 7 | And we switch portage in the near future to enforce signature checking |
| 8 | on rsync'ed repositories? (e.g. controlled via repos.d/*) :-) |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |