1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
|
5 |
Dear all, |
6 |
|
7 |
I am concerned with the security aspects of running an `emerge sync`. Is |
8 |
there any way to verify the packages to be downloaded from running an emerge |
9 |
sync? What if the gentoo rsync server gets hacked? Understanding that each |
10 |
ebuild comes with a md5 digest and all packages are safe in this manner but |
11 |
i see that still does not override the possibility that the rsync server may |
12 |
get hacked? |
13 |
|
14 |
Currently, we don't allow emerge sync because the firewall blocks the port |
15 |
tcp 53 and i have only just started installing entoo and use emerge-webrsync |
16 |
as my first install. ;( |
17 |
|
18 |
Any advise is appreciated. |
19 |
|
20 |
Cheers, |
21 |
Jasmine |
22 |
|
23 |
|
24 |
-----BEGIN PGP SIGNATURE----- |
25 |
Version: PGP 7.0.1 |
26 |
|
27 |
iQA/AwUBQGAD1v4wcdIw6CVjEQLKWgCg6oCHBdW1OiXRCuQz0uB2mJC1JFcAn1Fn |
28 |
G1wZrcc4te29MOBq4FyQ+2Y+ |
29 |
=TUSm |
30 |
-----END PGP SIGNATURE----- |