Gentoo Archives: gentoo-security

From: Jasmine CHUA <Jasmine.Chua@××××××××××××××××.com>
To: gentoo-security@l.g.o
Cc: jonathan.gill@××××××××××.com
Subject: [gentoo-security] emerge sync
Date: Tue, 23 Mar 2004 09:31:35
Message-Id: D21CF92E62AFD51186BC00B0D0B0746D0363A2FA@sinaea10
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA1
3
4
5 Dear all,
6
7 I am concerned with the security aspects of running an `emerge sync`. Is
8 there any way to verify the packages to be downloaded from running an emerge
9 sync? What if the gentoo rsync server gets hacked? Understanding that each
10 ebuild comes with a md5 digest and all packages are safe in this manner but
11 i see that still does not override the possibility that the rsync server may
12 get hacked?
13
14 Currently, we don't allow emerge sync because the firewall blocks the port
15 tcp 53 and i have only just started installing entoo and use emerge-webrsync
16 as my first install. ;(
17
18 Any advise is appreciated.
19
20 Cheers,
21 Jasmine
22
23
24 -----BEGIN PGP SIGNATURE-----
25 Version: PGP 7.0.1
26
27 iQA/AwUBQGAD1v4wcdIw6CVjEQLKWgCg6oCHBdW1OiXRCuQz0uB2mJC1JFcAn1Fn
28 G1wZrcc4te29MOBq4FyQ+2Y+
29 =TUSm
30 -----END PGP SIGNATURE-----

Attachments

File name MIME type
PGPexch.rtf.asc application/octet-stream

Replies

Subject Author
Re: [gentoo-security] emerge sync Koon <koon@××××××.net>