Gentoo Archives: gentoo-security

From: Chris Frey <cdfrey@×××××××××.ca>
To:
Cc: gentoo-security@l.g.o
Subject: [gentoo-security] Re: Securing portage --- an OpenBSD approach
Date: Fri, 12 Nov 2004 16:30:33
Message-Id: 20041112113008.A18832@netdirect.ca
In Reply to: Re: [gentoo-security] Securing portage --- an OpenBSD approach by Klaus Wagner
On Fri, Nov 12, 2004 at 05:16:24PM +0100, Klaus Wagner wrote:
> ps. are there any plans for having a https site for gentoo, or
> the webservers, where the snapshots are put onto?

While I'm not opposed to ssl/ssh links in any way, I think this would be
more work to install than the signature method that already has a patch.

Consider:

Patch method:
    - no mirror needs to be updated
    - users can continue to use any available mirrors for
      the webrsync tar (do they exist?)
    - the main gentoo server only has to serve the signature
      (this could be put on a single mirror too, point being
      that the signature doesn't have to be on every mirror
      to be effective)

SSL/SSH method:
    - either every mirror needs to support it
    - or anyone who is concerned, suddenly stops using mirrors
      and switches to the main server
    - doesn't detect cases where a mirror is compromised

Just points to be aware of when considering SSL/SSH.

- Chris


--
gentoo-security@g.o mailing list
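
Added example, not part of the message above and not the patch it refers to: a sketch of the signature approach, in which the tarball comes from any mirror while the detached signature comes from one trusted place, so a modified mirror copy is rejected. The openssl RSA signature is an assumed stand-in for the patch's actual tool, and all file names, mirror names and data are constructed.

```shell
#!/usr/bin/env bash
# Added example with constructed data. An openssl RSA signature stands in for
# whatever tool the patch uses; all file and directory names are hypothetical.

# verify_snapshot PUBKEY SIG FILE: succeeds only if SIG is a valid signature of FILE.
verify_snapshot() {
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1
}

# check_mirror NAME PUBKEY SIG FILE: prints "NAME:accepted" or "NAME:rejected".
check_mirror() {
    if verify_snapshot "$2" "$3" "$4"; then
        echo "$1:accepted"
    else
        echo "$1:rejected"
    fi
}

demo() {
    local w
    w=$(mktemp -d) || return 1

    # Main server: holds the private key, publishes only the small signature.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$w/release.key" 2>/dev/null || return 1
    openssl pkey -in "$w/release.key" -pubout -out "$w/release.pub" || return 1
    printf 'constructed snapshot contents\n' > "$w/snapshot.tar"
    openssl dgst -sha256 -sign "$w/release.key" \
        -out "$w/snapshot.tar.sig" "$w/snapshot.tar" || return 1

    # Mirrors: carry only the tarball. One is honest, one has been modified.
    mkdir "$w/mirror-a" "$w/mirror-b"
    cp "$w/snapshot.tar" "$w/mirror-a/snapshot.tar"
    cp "$w/snapshot.tar" "$w/mirror-b/snapshot.tar"
    printf 'unexpected extra bytes\n' >> "$w/mirror-b/snapshot.tar"

    # Client: public key obtained in advance, signature from the main server,
    # tarball from whichever mirror it likes.
    check_mirror mirror-a "$w/release.pub" "$w/snapshot.tar.sig" "$w/mirror-a/snapshot.tar"
    check_mirror mirror-b "$w/release.pub" "$w/snapshot.tar.sig" "$w/mirror-b/snapshot.tar"
    rm -rf "$w"
}

demo
```

The check only helps if the public key reaches the client by a path the mirrors do not control.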

Replies

Subject Author
Re: [gentoo-security] Re: Securing portage --- an OpenBSD approach Klaus Wagner <klaus@××××××××××.net>