From: | Alexander Berntsen <bernalex@g.o> | ||
---|---|---|---|
To: | gentoo-portage-dev@l.g.o | ||
Subject: | Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) | ||
Date: | Thu, 27 Oct 2016 18:09:46 | ||
Message-Id: | f47ec999-a03f-fcb2-2611-c9143a7d23a5@gentoo.org | ||
In Reply to: | [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) by Zac Medico |
1 | On 27/10/16 19:16, Zac Medico wrote: |
2 | > Use gkeys to verify gpg signatures by default. Refresh the gentoo |
3 | > snapshot signing key before signature verification, in order to |
4 | > ensure that the latest revocation data is available. Add an |
5 | > --insecure option which disables gpg signature verification. Warn |
6 | > about man-in-the-middle attacks when the --insecure option is used. |
7 | > Deprecate the pre-existing webrsync-gpg feature since it requires |
8 | > manual gpg configuration. |
9 | %s/ gpg/ OpenPGP/ |
10 | -- |
11 | Alexander |
12 | bernalex@g.o |
13 | https://secure.plaimi.net/~alexander |
File name | MIME type |
---|---|
signature.asc | application/pgp-signature |
Subject | Author |
---|---|
Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) | Zac Medico <zmedico@g.o> |