The recent discussion on how to protect the portage tree from
man-in-the-middle attacks has concentrated on signing either the portage
tarball or the individual files in the tree.

What about approaching the problem the way OpenBSD deals with its ports,
that is, with cvs over an ssh tunnel to authorized mirrors? The only
drawback I see is that many Gentoo users use rsync, but the cvs approach
could be added on top of what already exists and security-conscious users
will then have the option of switching.

-------------------------------------------------------------------

Anthony G. Basile, Ph.D.
Director of Information Technology,
D'Youville College,
320 Porter Ave.
Buffalo NY, 14201

Work: (716) 829-8197 (voicemail)

--
gentoo-security@g.o mailing list