Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-security

From: Jesse Nelson <yoda@××××××.com>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] emerge sync
Date: Tue, 23 Mar 2004 23:15:07
Message-Id: 20040323231442.GE9379@obi.f00bar.com
In Reply to: Re: [gentoo-security] emerge sync by Jesse Nelson
1 nevermind think this topic has moved to the -dev ML.
2
3 * Jesse Nelson (yoda@××××××.com) wrote:
4 > Date: Tue, 23 Mar 2004 15:10:30 -0800
5 > From: Jesse Nelson <yoda@××××××.com>
6 > To: gentoo-security@l.g.o
7 > User-Agent: Mutt/1.5.6i
8 > X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63
9 > Subject: Re: [gentoo-security] emerge sync
10 >
11 > thought this stuff was discussed long ago bout adding sigs etc to build/dist files, and alot of devs pushed back. ?
12 > i dont recall but least 12-16 months ago ?
13 >
14 >
15 > are there solution proposals out now ? guess need a glep or somthing ?
16 >
17 >
18 > * Kurt Lieber (klieber@g.o) wrote:
19 > > Date: Tue, 23 Mar 2004 05:12:01 -0500
20 > > From: Kurt Lieber <klieber@g.o>
21 > > To: Koon <koon@××××××.net>
22 > > Cc: Jasmine CHUA <Jasmine.Chua@××××××××××××××××.com>,
23 > > gentoo-security@l.g.o
24 > > User-Agent: Mutt/1.5.5.1i
25 > > X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63
26 > > Subject: Re: [gentoo-security] emerge sync
27 > >
28 > > On Tue, Mar 23, 2004 at 10:59:20AM +0100 or thereabouts, Koon wrote:
29 > > > A rsync mirror compromise could definitely lead to a security problem.
30 > > >
31 > > > This is a known problem that is being worked on, and some kind of
32 > > > digital signing check will be built into the ebuild release / rsync
33 > > > process someday...
34 > >
35 > > For anyone subscribed to gentoo-dev, please see the message I just posted
36 > > there which details the problem as well as our lack of effort to solve it.
37 > > Hopefully, enough noise from the community will help give us a swift kick
38 > > in the butt and a wakeup call. (hint: that means you folks)
39 > >
40 > > --kurt
41 >
42 >
43 >
44 > --
45 > gentoo-security@g.o mailing list
46 >
47 >
48
49 --
50 gentoo-security@g.o mailing list
Report Message
Find on MARC Find on Google Groups