Gentoo Archives: gentoo-security

From: Matthias Geerdsen <vorlon@g.o>
To: gentoo-security@l.g.o
Subject: Re: [gentoo-security] Portage rsync security
Date: Thu, 20 Mar 2008 13:48:05
In Reply to: Re: [gentoo-security] Portage rsync security by Robert Buchholz
Robert Buchholz wrote on 03/20/2008 02:07 PM:

> (CVS, core gentoo infra) and then check it on the user side. If you > want to do this right now, you can change your tree syncing to manually > download the gpg-signed portage-latest.tar.bz2 tree snapshots from your > local distfiles mirror and check them.
emerge-webrsync can do the downloading for you. The current version in svn [1] should also be able to handle the verification, just note that the key id changed to 239C75C4 [2]. Regards, Matthias [1] <> [2] <> -- Matthias Geerdsen (vorlon) Gentoo Linux Security Team


File name MIME type
signature.asc application/pgp-signature