| 1 |
Hi, |
| 2 |
|
| 3 |
On 25 January 2018 at 14:35, Michał Górny <mgorny@g.o> wrote: |
| 4 |
> |
| 5 |
> Starting with sys-apps/portage-2.3.22, Portage enables cryptographic |
| 6 |
> verification of the Gentoo rsync repository distributed over rsync |
| 7 |
> by default. This aims to prevent malicious third parties from altering |
| 8 |
> the contents of the ebuild repository received by our users. |
| 9 |
|
| 10 |
<snip> |
| 11 |
|
| 12 |
I did not looked into the detailed implementation, however, please |
| 13 |
make sure integrity check handles the same cases we have applied to |
| 14 |
emerge-webrsync in the past, including: |
| 15 |
1. Fast forward only in time, this is required to avoid hacker to |
| 16 |
redirect into older portage to install vulnerabilities that were |
| 17 |
approved at that time. |
| 18 |
2. Content integrity, especially removal, as far as I understand, the |
| 19 |
mechanism will not enable to detect authorized removal of content. |
| 20 |
|
| 21 |
Regards, |
| 22 |
Alon |
Archives