| 1 |
On Thu, Nov 11, 2004 at 01:11:15PM -0700 or thereabouts, Glen Combe wrote: |
| 2 |
> Kurt can you clarify this for me or give me more detail... on what you |
| 3 |
> mean what you say below? What is the more robust solution? I dont recall |
| 4 |
> reading it here? |
| 5 |
> |
| 6 |
> "The solution that Peter is requesting (generating hashes of files not |
| 7 |
> already hashed and then signing all Manifests/hashes) is considerably more |
| 8 |
> risky and is not something I will implement since we have a more robust, |
| 9 |
> better solution in the works already." |
| 10 |
|
| 11 |
It's been mentioned numerous times. The strategic approach to fixing this |
| 12 |
issue is taking the work we've already put into signed manifests and |
| 13 |
extending it to cover other files as well (eclasses, profiles, etc.) There |
| 14 |
is an open RFE bug for this and Jason (one of our portage devs) has already |
| 15 |
said they're working on it. |
| 16 |
|
| 17 |
--kurt |
Archives