| 1 |
On 09 Nov 2004 11:52:30 +0100 |
| 2 |
Peter Simons <simons@××××.to> wrote: |
| 3 |
|
| 4 |
So you have a signed list of hashes, of every file in the tree, not a signed hash of the tree? Makes more sense now. |
| 5 |
|
| 6 |
I am not seeing the difference between that though and the signed hashes that are already implemented. The signing needs to work it's way through the system, and the manifest should cover all files to do with the package, i.e. eclasses etc would have their own manifests that get signed. |
| 7 |
|
| 8 |
I do like the idea of a Master Gentoo Key to sign the dev keys. |
Archives