1 |
Hello |
2 |
|
3 |
On Tue, Jul 3, 2018 at 9:33 AM, Virgil Dupras <vdupras@g.o> wrote: |
4 |
> Hi everyone, |
5 |
> |
6 |
> With the recent Github incident, users have (rightfully) voiced concerns about the security of their Gentoo ebuild tree. Luckily, thanks to recent efforts on the repository verification feature, we can answer "yes, it's possible to update your ebuild tree in a convenient and secure manner", but documentation about how to do it is not readily available. I've seen some of these questions only partially answered due to our own lack of knowledge on this subject as developers. |
7 |
> |
8 |
> To fix this, I've been working, in the last few days, on a new "Portage Security" wiki page [1] that aims to guide the user to a secure setup and dispel doubts about the security of their setup. I would invite you to start pointing users to it when they ask questions on this matter. |
9 |
> |
10 |
> I'm not a very experienced developer and this has been written with the little knowledge I have, so I invite you to review and correct it if needed. |
11 |
|
12 |
I think is a nice idea :) |
13 |
++ |
14 |
|
15 |
|
16 |
-- |
17 |
Thanks, |
18 |
Alice Ferrazzi |
19 |
|
20 |
Gentoo Kernel Project Leader |
21 |
Gentoo Foundation Vice-Secretary |
22 |
Gentoo Google Summer of Code Administrator |
23 |
Mail: Alice Ferrazzi <alicef@g.o> |
24 |
PGP: 2E4E 0856 461C 0585 1336 F496 5621 A6B2 8638 781A |