On Mon, Nov 08, 2004 at 06:01:18PM +0000, Kurt Lieber wrote:
> You suggested one "solution" which is sub-optimal.
[snip]
> You don't seem very interested in solving this problem. Instead, you seem
> very interested in making a lot of noise.

Peter's latest suggestion on the list was quite detailed and would
seem to work now. He even suggested that the global signing key
be auto-revoked in 3 months, to let it be known that it is a temporary
measure.

I think that those concerned enough to run the verification script would
not mind the occasional missing sha1sum from a file that wasn't checked
in the proper time window. They would just delete that particular file,
or sync again.

I think this is ideal. It provides a (sub-optimal) solution
that works overnight, while not hindering any forward progress on the
optimal one.

If someone posted a working and self-tested shell script that does this
task, could it be installed? Who do we contact to make that decision?

In hope,
- Chris

--
gentoo-security@g.o mailing list