Gentoo Archives: gentoo-security

From: Klaus Wagner <klaus@××××××××××.net>
To: dante@×××××××××××××××.net
Cc: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Securing portage --- an OpenBSD approach
Date: Fri, 12 Nov 2004 13:17:47
Message-Id: 20041112131439.GA5079@aeon.user.lan.at
In Reply to: [gentoo-security] Securing portage --- an OpenBSD approach by dante@virtualblueness.net
On Fri, Nov 12, 2004 at 07:54:38AM -0500, dante@×××××××××××××××.net wrote:
>
> The recent discussion on how to protect the portage tree from
> man-in-the-middle attacks has concentrated on signing either the portage
> tarball or the individual files in the tree.
>
> What about approaching the problem the way OpenBSD deals with its ports,
> that is with cvs over an ssh tunnel to authorized mirrors. The only
> drawback I see is that many gentoo users use rsync, but the cvs approach
> could be added on top of what already exists and security conscious users
> will then have the option of switching.

Do you know how the mirrors are authorized? Official certificates, self-signed,
own PKI?
I think if the rsync mirrors are too stressed for signing, they would be
too stressed for rsync too, although rsync could be tunneled too.

Anyway, an interesting approach too.

regards klaus

--
gentoo-security@g.o mailing list

Replies

Subject Author
Re: [gentoo-security] Securing portage --- an OpenBSD approach Klaus Wagner <klaus@××××××××××.net>
Re: [gentoo-security] Securing portage --- an OpenBSD approach Dan Margolis <krispykringle@g.o>