| 1 |
So to avoid "spamming" with 20+ Thank You emails I'll send out just one and |
| 2 |
thank you all collectively for the information provided (I hope this isn't |
| 3 |
rude - I'm not sure of proper protocol in this situation). |
| 4 |
|
| 5 |
I have a lot more insight now and some new ideas of where I need to look to |
| 6 |
learn more. This is a great community and it reflects in the OS - I don't |
| 7 |
know why I waited so long to try Gentoo.(??)! |
| 8 |
-john |
| 9 |
|
| 10 |
-----Original Message----- |
| 11 |
From: Jonas de Buhr [mailto:jonas.de.buhr@×××.net] |
| 12 |
Sent: Wednesday, April 07, 2010 8:35 AM |
| 13 |
To: gentoo-user@l.g.o |
| 14 |
Subject: Re: [gentoo-user] Portage + checksums |
| 15 |
|
| 16 |
|
| 17 |
>This was an argument against Gentoo more than six or seven years ago |
| 18 |
>with regards to the security of whole portage system. |
| 19 |
|
| 20 |
Every package management system which uses hashes to verify integrity |
| 21 |
has the same problems. |
| 22 |
|
| 23 |
I think a lot of source tarballs are downloaded from the official sites |
| 24 |
anyway. Someone really paranoid might manually check the patches. |
| 25 |
|
| 26 |
>A number of |
| 27 |
>suggestions were made in those early days, one of them being to sync |
| 28 |
>with two mirrors and diff the ebuilds/Manifests/Distfiles affected by |
| 29 |
>these two most recent syncs. As far as I know people didn't go for |
| 30 |
>this because it was perceived that the system as implemented was |
| 31 |
>secure enough and anyway the proposed solution would put too much |
| 32 |
>pressure on the mirrors. |
| 33 |
|
| 34 |
I do not have the intention to restart the discussion you mentioned. |
| 35 |
But getting hashes and tarballs from the same source (mirror) doesn't go |
| 36 |
far for security. At the moment I just trust the official mirrors and |
| 37 |
trust that the community would realize soon if there were trojaned |
| 38 |
packages the same way I trust apache or the kernel devs not to do |
| 39 |
anything funny. |
| 40 |
|
| 41 |
But I still like the idea of files signed with asynchr. crypt. I sure |
| 42 |
will have a look into "FEATURES=sign". |
| 43 |
|
| 44 |
/jdb |
Archives