1 |
Den wrote: |
2 |
|
3 |
> by not giving our here friend's Peter the attention he so crave. |
4 |
> |
5 |
> Obviously he has nothing better to do than to bait people into flaming |
6 |
> him publicly or privately since it enables him the luxury of venting |
7 |
> through his replies. |
8 |
> |
9 |
> As my good ole mother use to say: "just be wiser than your nagging |
10 |
> brother: ignore him, he'll eventually go away" |
11 |
> |
12 |
> So let's ignore this problem and focus on the real one: coding ourselves |
13 |
> the best portage tree signing Peter could not himself do while he blows |
14 |
> his own little whistle on someone else's list. |
15 |
> |
16 |
> On your mark, ready, filter :P |
17 |
|
18 |
I think this thread wasn't completely useless. Hopefully it will help |
19 |
speed up the implementation of the final and complete solution we've |
20 |
underway since a long time. |
21 |
|
22 |
This solution, nobody complained here it wasn't good. The only complaint |
23 |
we heard was that it wasn't implemented fast enough. That's already a |
24 |
big improvement... the last time this was brought up in gentoo-dev there |
25 |
was another endless thread where everyone was telling THEIR solution was |
26 |
the best. Good thing we finally reached consensus on what is the best |
27 |
solution. |
28 |
|
29 |
I'm pretty sure almost all Gentoo developers subscribed to this |
30 |
particular list (gentoo-security) already do all they can so that this |
31 |
final solution gets implemented the fastest possible. So yelling at |
32 |
Gentoo developers here won't speed up anything. There are other |
33 |
developers out there that don't think this is top-priority. They are the |
34 |
one this thread should evangelize. And no, yelling at people is not the |
35 |
best way to do evangelization. |
36 |
|
37 |
This has been a long-term effort, and finally we're seeing good |
38 |
progress, with portage signing support in 2.0.51 deployed. Having a |
39 |
band-aid deployed as a temporary workaround while we're in the last |
40 |
rounds will only delay further adoption of the one and real true |
41 |
solution. If it's deployed, we'll have quite a bunch of devs saying |
42 |
there is no need for them to create a package signing key since |
43 |
everything is now "secure" thanks to this genius solution. It will |
44 |
likely double the time needed for the final and complete (and auditable) |
45 |
solution to be deployed. |
46 |
|
47 |
Now that's a tradeoff. |
48 |
|
49 |
-- |
50 |
Thierry Carrez |
51 |
Operational Manager, Gentoo Linux Security |