| 1 |
Ed Grimm writes: |
| 2 |
|
| 3 |
> Would the obvious fix not be provide signed Manifest |
| 4 |
> files for the eclasses as well? |
| 5 |
|
| 6 |
Yes, that would fix the problem. However, if you want to |
| 7 |
make sure your tree is properly authenticated, you have |
| 8 |
authenticate _every single file_ in it. In a day and age |
| 9 |
where people can hack your machine by setting appropriate |
| 10 |
pixels in a GIF image, I wouldn't take any unnecessary |
| 11 |
risks. Having dozens of signatures split over dozens of |
| 12 |
directories is not a (human-)failure-resistant procedure, |
| 13 |
IMHO. |
| 14 |
|
| 15 |
I am also not quite certain yet how to bootstrap the system |
| 16 |
securely. For example: Where does the properly authenticated |
| 17 |
GPG ebuild come from? |
| 18 |
|
| 19 |
Anyway, if all files are covered by the manifests, then it |
| 20 |
would be secure. |
| 21 |
|
| 22 |
Peter |
| 23 |
|
| 24 |
|
| 25 |
-- |
| 26 |
gentoo-security@g.o mailing list |
Archives