Gentoo Archives: gentoo-security

From: Matthias Geerdsen <vorlon@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Portage rsync security
Date: Thu, 20 Mar 2008 13:48:05
Message-Id: 47E26ACD.1060903@gentoo.org
In Reply to: Re: [gentoo-security] Portage rsync security by Robert Buchholz
1 Robert Buchholz wrote on 03/20/2008 02:07 PM:
2
3 > (CVS, core gentoo infra) and then check it on the user side. If you
4 > want to do this right now, you can change your tree syncing to manually
5 > download the gpg-signed portage-latest.tar.bz2 tree snapshots from your
6 > local distfiles mirror and check them.
7
8 emerge-webrsync can do the downloading for you. The current version in
9 svn [1] should also be able to handle the verification, just note that
10 the key id changed to 239C75C4 [2].
11
12 Regards,
13 Matthias
14
15 [1]
16 <http://sources.gentoo.org/viewcvs.py/portage/main/trunk/bin/emerge-webrsync?view=markup>
17 [2] <http://bugs.gentoo.org/show_bug.cgi?id=130039>
18
19 --
20 Matthias Geerdsen (vorlon)
21
22 Gentoo Linux Security Team
23 http://security.gentoo.org

Attachments

File name MIME type
signature.asc application/pgp-signature