Gentoo Archives: gentoo-hardened

From: Joshua Brindle <method@g.o>
To: "Dickenson, Toby" <tdickenson@×××××××××××××××××.com>, gentoo-hardened@g.o
Subject: Re: [gentoo-hardened] The state of ebuild signing in portage
Date: Thu, 24 Apr 2003 14:11:00
Message-Id: 20030424T091025Z_B95E00150000@gentoo.org
1 >On Saturday 19 April 2003 7:40 am, Joshua Brindle wrote:
2 >
3 >> Ideas and comments are welcome
4 >
5 >Will there be provision for signing other entities in the portage rsync mirror
6 >other than ebuilds? eclasses, package.mask, etc.
7
8 yes, probably detached sigs for each of those "other" files, we don't know yet though
9
10 >
11 >Will there be provision for controlling which developers are authorised to
12 >sign each package, or will portage allow any developer to sign any package
13 >manifest?
14
15 there is no easy way since the only way cvs knows to allow/disallow commits is
16 by permissions, we use permissions but they aren't fine grained, ie: everyone
17 who has access to commit any package can commit to all of them. This is a lot
18 better anyway since we have to be able to add new packages, do quick bumps
19 on packages we don't necessarilly maintain, etc. Obviously if a dev is abusing
20 we'll have records of what was commited and where and be able to take care
21 of that.
22
23 Joshua Brindle
24
25 --
26 gentoo-hardened@g.o mailing list

Replies

Subject Author
Re: [gentoo-hardened] The state of ebuild signing in portage lists@×××.org
Re: [gentoo-hardened] The state of ebuild signing in portage Toby Dickenson <tdickenson@×××××××××××××××××.com>