Archives
Archives
| From: | Alexander Berntsen <bernalex@g.o> | ||
|---|---|---|---|
| To: | gentoo-portage-dev@l.g.o | ||
| Subject: | Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) | ||
| Date: | Thu, 27 Oct 2016 18:09:46 | ||
| Message-Id: | f47ec999-a03f-fcb2-2611-c9143a7d23a5@gentoo.org | ||
| In Reply to: | [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) by Zac Medico |
||
| 1 | On 27/10/16 19:16, Zac Medico wrote: |
| 2 | > Use gkeys to verify gpg signatures by default. Refresh the gentoo |
| 3 | > snapshot signing key before signature verification, in order to |
| 4 | > ensure that the latest revocation data is available. Add an |
| 5 | > --insecure option which disables gpg signature verification. Warn |
| 6 | > about man-in-the-middle attacks when the --insecure option is used. |
| 7 | > Deprecate the pre-existing webrsync-gpg feature since it requires |
| 8 | > manual gpg configuration. |
| 9 | %s/ gpg/ OpenPGP/ |
| 10 | -- |
| 11 | Alexander |
| 12 | bernalex@g.o |
| 13 | https://secure.plaimi.net/~alexander |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |
| Subject | Author |
|---|---|
| Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) | Zac Medico <zmedico@g.o> |