Gentoo Archives: gentoo-security

From: Florian Philipp <lists@××××××××××××××××××.net>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Portage rsync security
Date: Thu, 20 Mar 2008 10:46:58
Message-Id: 1206009940.22869.11.camel@NOTE_GENTOO64.PHHEIMNETZ
1 Hi list!
3 Am I right that there is currently no way portage tries to verify that
4 the rsync-mirror is not spoofed?
6 Doesn't that pose a major threat? If I were able to manipulate the
7 domain name resolution, I could easily trick gentooers into making false
8 updates and thus executing a malicious program with root-permission on
9 their machine.
12 So, why isn't there some kind of public key authentication going on, at
13 least optionally?
15 By the way: How does gentoo's gpg-feature work. The man-page doesn't
16 contain an explanation.


File name MIME type
signature.asc application/pgp-signature


Subject Author
Re: [gentoo-security] Portage rsync security Mansour Moufid <mansourmoufid@×××××.com>
Re: [gentoo-security] Portage rsync security Robert Buchholz <rbu@g.o>