| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 02/07/2014 10:29 AM, marco@×××××××.it wrote: |
| 5 |
> Hi, |
| 6 |
> is it possible to sign a binary package to prevent it to be |
| 7 |
> compromised ? |
| 8 |
> |
| 9 |
> If yes how can i check the signature from the package downloaded by |
| 10 |
> PORTAGE_BINHOST ? |
| 11 |
> |
| 12 |
> Thanks :) |
| 13 |
> |
| 14 |
> |
| 15 |
> |
| 16 |
There are multiple open bugs with suggestions on doing this, as of yet, |
| 17 |
none of them have even a PoC attached. This will likely come when |
| 18 |
dol-sen finishes his gentoo-keyring project. |
| 19 |
|
| 20 |
Until then, ssl or ssh as the fetch method from the binhost would be the |
| 21 |
recommended option. |
| 22 |
|
| 23 |
- -Zero |
| 24 |
-----BEGIN PGP SIGNATURE----- |
| 25 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 26 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 27 |
|
| 28 |
iQIcBAEBAgAGBQJS9RBTAAoJEKXdFCfdEflK+AYQAKcLKt5UDE0vfQ5onkDz9dPo |
| 29 |
7FEhrgiCkQvcDsTRy8ymxydQda+RR4b1ekee0RT8QY3uCg0ZgiORU7Zu1Yoi2DJE |
| 30 |
n/A0ietB3jjiPCf/3RdWrDMrZPj5lSUB2ZNHmqoIK5f3PVf7unzBXo7a21+4aj5s |
| 31 |
UEe+4G1v07cUctsCDyWd/KFRJ96K/0vslUeX5Rq6aQhN6sBvLEMIWAXDHQijBe8O |
| 32 |
HMWLVvziJpzLeyYLiI8s5RAySGKZP7aYX+07IMdjP4LWDsA4VcLZuhePS2VwYrZ4 |
| 33 |
55KPfo8Ahkh7zYrs1zpcv5Vdjn6qkofCNw5WAtyV7j7is4O9H6+kMRE14/qZZCeT |
| 34 |
Qcne5Balksa8wMx5vX6g5scXmsRXbOKGSnjxsvA3wJC/D7Uu8JO/YuwS0lrTzEMq |
| 35 |
ZhDAKw5Ykj+c/oMknKgYk8IAfYnSjLbiNX0ecM9QNe0gzOnMSNT7g5UIVZGes+lC |
| 36 |
G8tVg2XhWyLlYx+rRapOfsjI37vHj8L5Yf4cFUe1uMntVmd1ReUIUzcAWoqJCUmC |
| 37 |
hEUq7hxmUKisu1H5lfuSbc7Ji/2B8IOjT7iBIw20yh5HTAru7VzhX4AIJ+tFdt6L |
| 38 |
4jXlvwqmyqWCYW9s2W+Et45TAMDOoDR9r0WU7s1tpcIagNW4RSc82lFyL0vf8V9W |
| 39 |
KCNJEOtQ8J+rDGPF/PGD |
| 40 |
=7wDI |
| 41 |
-----END PGP SIGNATURE----- |
Archives