| 1 |
> > The current development effort that is underway is not one that can be |
| 2 |
> > implemented overnight, but there is a solution that manages to satisfy |
| 3 |
> > the core needs of this thread that can be implemented overnight. |
| 4 |
I second that. |
| 5 |
|
| 6 |
To reply to a few other threads: |
| 7 |
1) This is no disrespect to the gentoo devs (kudos here) or the other, |
| 8 |
better solution that is in the works. Just a band-aid we would rather |
| 9 |
have now. |
| 10 |
2) To all those saying that code should be submitted, we do not have |
| 11 |
access to the rsync servers needed to code 5 lines of bash. |
| 12 |
|
| 13 |
> I would advise everybody to read through aforementioned discussions in the |
| 14 |
> archives of gentoo-dev@g.o before persuing this. Something that |
| 15 |
> appears so simple as this on the surface still has a number of sharp edges. |
| 16 |
> The infrastructure team would have to do some careful planning and possibly |
| 17 |
> restructing of job control on the master rsync and cvs servers. The portage |
| 18 |
> team would need to implement support for verifying the signature is valid. |
| 19 |
> Whoever else would have to plan and implement distribution of this |
| 20 |
> all-powerful key. |
| 21 |
I think we all admit it may take some time, but we are talking about the |
| 22 |
quick and dirty solution as a stop-gap measure, nothing else. |
| 23 |
And if the better solution takes more than 1.5years to roll out, backup |
| 24 |
plans are just common sense - not criticism. |
| 25 |
|
| 26 |
> But it doesn't stop there. Following this would be plan of action for the case |
| 27 |
> that the all-powerful key is compromised. Then there is also the up to six |
| 28 |
> month transition period between this solution and the solution that is |
| 29 |
> currently being implemented. That also requires careful planning and |
| 30 |
> implementation. So.. adding this simple solution now actually more than |
| 31 |
> doubles the amount of work that needs to be done down the track. |
| 32 |
Would you care to expand on that? |
| 33 |
|
| 34 |
I is just a cron job and a script, how would that double the amount of |
| 35 |
work in the future?!? |
| 36 |
|
| 37 |
Antoine |
| 38 |
|
| 39 |
|
| 40 |
-- |
| 41 |
gentoo-security@g.o mailing list |
Archives