1 |
nevermind think this topic has moved to the -dev ML. |
2 |
|
3 |
* Jesse Nelson (yoda@××××××.com) wrote: |
4 |
> Date: Tue, 23 Mar 2004 15:10:30 -0800 |
5 |
> From: Jesse Nelson <yoda@××××××.com> |
6 |
> To: gentoo-security@l.g.o |
7 |
> User-Agent: Mutt/1.5.6i |
8 |
> X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 |
9 |
> Subject: Re: [gentoo-security] emerge sync |
10 |
> |
11 |
> thought this stuff was discussed long ago bout adding sigs etc to build/dist files, and alot of devs pushed back. ? |
12 |
> i dont recall but least 12-16 months ago ? |
13 |
> |
14 |
> |
15 |
> are there solution proposals out now ? guess need a glep or somthing ? |
16 |
> |
17 |
> |
18 |
> * Kurt Lieber (klieber@g.o) wrote: |
19 |
> > Date: Tue, 23 Mar 2004 05:12:01 -0500 |
20 |
> > From: Kurt Lieber <klieber@g.o> |
21 |
> > To: Koon <koon@××××××.net> |
22 |
> > Cc: Jasmine CHUA <Jasmine.Chua@××××××××××××××××.com>, |
23 |
> > gentoo-security@l.g.o |
24 |
> > User-Agent: Mutt/1.5.5.1i |
25 |
> > X-Spam-Status: No, hits=0.0 required=5.0 tests=none autolearn=no version=2.63 |
26 |
> > Subject: Re: [gentoo-security] emerge sync |
27 |
> > |
28 |
> > On Tue, Mar 23, 2004 at 10:59:20AM +0100 or thereabouts, Koon wrote: |
29 |
> > > A rsync mirror compromise could definitely lead to a security problem. |
30 |
> > > |
31 |
> > > This is a known problem that is being worked on, and some kind of |
32 |
> > > digital signing check will be built into the ebuild release / rsync |
33 |
> > > process someday... |
34 |
> > |
35 |
> > For anyone subscribed to gentoo-dev, please see the message I just posted |
36 |
> > there which details the problem as well as our lack of effort to solve it. |
37 |
> > Hopefully, enough noise from the community will help give us a swift kick |
38 |
> > in the butt and a wakeup call. (hint: that means you folks) |
39 |
> > |
40 |
> > --kurt |
41 |
> |
42 |
> |
43 |
> |
44 |
> -- |
45 |
> gentoo-security@g.o mailing list |
46 |
> |
47 |
> |
48 |
|
49 |
-- |
50 |
gentoo-security@g.o mailing list |