1 |
> > The current development effort that is underway is not one that can be |
2 |
> > implemented overnight, but there is a solution that manages to satisfy |
3 |
> > the core needs of this thread that can be implemented overnight. |
4 |
I second that. |
5 |
|
6 |
To reply to a few other threads: |
7 |
1) This is no disrespect to the gentoo devs (kudos here) or the other, |
8 |
better solution that is in the works. Just a band-aid we would rather |
9 |
have now. |
10 |
2) To all those saying that code should be submitted, we do not have |
11 |
access to the rsync servers needed to code 5 lines of bash. |
12 |
|
13 |
> I would advise everybody to read through aforementioned discussions in the |
14 |
> archives of gentoo-dev@g.o before persuing this. Something that |
15 |
> appears so simple as this on the surface still has a number of sharp edges. |
16 |
> The infrastructure team would have to do some careful planning and possibly |
17 |
> restructing of job control on the master rsync and cvs servers. The portage |
18 |
> team would need to implement support for verifying the signature is valid. |
19 |
> Whoever else would have to plan and implement distribution of this |
20 |
> all-powerful key. |
21 |
I think we all admit it may take some time, but we are talking about the |
22 |
quick and dirty solution as a stop-gap measure, nothing else. |
23 |
And if the better solution takes more than 1.5years to roll out, backup |
24 |
plans are just common sense - not criticism. |
25 |
|
26 |
> But it doesn't stop there. Following this would be plan of action for the case |
27 |
> that the all-powerful key is compromised. Then there is also the up to six |
28 |
> month transition period between this solution and the solution that is |
29 |
> currently being implemented. That also requires careful planning and |
30 |
> implementation. So.. adding this simple solution now actually more than |
31 |
> doubles the amount of work that needs to be done down the track. |
32 |
Would you care to expand on that? |
33 |
|
34 |
I is just a cron job and a script, how would that double the amount of |
35 |
work in the future?!? |
36 |
|
37 |
Antoine |
38 |
|
39 |
|
40 |
-- |
41 |
gentoo-security@g.o mailing list |