Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-portage-dev

From: Brian Dolbec <dolsen@g.o>
To: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918)
Date: Thu, 27 Oct 2016 17:38:18
Message-Id: 20161027103811.340eda1c.dolsen@gentoo.org
In Reply to: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) by Zac Medico
1 On Thu, 27 Oct 2016 10:16:42 -0700
2 Zac Medico <zmedico@g.o> wrote:
3
4 > Use gkeys to verify gpg signatures by default. Refresh the gentoo
5 > snapshot signing key before signature verification, in order to ensure
6 > that the latest revocation data is available. Add an --insecure option
7 > which disables gpg signature verification. Warn about
8 > man-in-the-middle attacks when the --insecure option is used.
9 > Deprecate the pre-existing webrsync-gpg feature since it requires
10 > manual gpg configuration.
11 >
12 > X-Gentoo-Bug: 597918
13 > X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=597918
14 > ---
15 > bin/emerge-webrsync | 51
16 > +++++++++++++++++++++++++++++++++++++++++++++++----
17 > man/make.conf.5 | 6 ++++-- 2 files changed, 51 insertions(+), 6
18 > deletions(-)
19 >
20
21 LGTM
22
23 --
24 Brian Dolbec <dolsen>

Replies

Subject Author
Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918) Zac Medico <zmedico@g.o>
Report Message
Find on MARC Find on Google Groups