1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
On 02/07/2014 10:29 AM, marco@×××××××.it wrote: |
5 |
> Hi, |
6 |
> is it possible to sign a binary package to prevent it to be |
7 |
> compromised ? |
8 |
> |
9 |
> If yes how can i check the signature from the package downloaded by |
10 |
> PORTAGE_BINHOST ? |
11 |
> |
12 |
> Thanks :) |
13 |
> |
14 |
> |
15 |
> |
16 |
There are multiple open bugs with suggestions on doing this, as of yet, |
17 |
none of them have even a PoC attached. This will likely come when |
18 |
dol-sen finishes his gentoo-keyring project. |
19 |
|
20 |
Until then, ssl or ssh as the fetch method from the binhost would be the |
21 |
recommended option. |
22 |
|
23 |
- -Zero |
24 |
-----BEGIN PGP SIGNATURE----- |
25 |
Version: GnuPG v2.0.22 (GNU/Linux) |
26 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
27 |
|
28 |
iQIcBAEBAgAGBQJS9RBTAAoJEKXdFCfdEflK+AYQAKcLKt5UDE0vfQ5onkDz9dPo |
29 |
7FEhrgiCkQvcDsTRy8ymxydQda+RR4b1ekee0RT8QY3uCg0ZgiORU7Zu1Yoi2DJE |
30 |
n/A0ietB3jjiPCf/3RdWrDMrZPj5lSUB2ZNHmqoIK5f3PVf7unzBXo7a21+4aj5s |
31 |
UEe+4G1v07cUctsCDyWd/KFRJ96K/0vslUeX5Rq6aQhN6sBvLEMIWAXDHQijBe8O |
32 |
HMWLVvziJpzLeyYLiI8s5RAySGKZP7aYX+07IMdjP4LWDsA4VcLZuhePS2VwYrZ4 |
33 |
55KPfo8Ahkh7zYrs1zpcv5Vdjn6qkofCNw5WAtyV7j7is4O9H6+kMRE14/qZZCeT |
34 |
Qcne5Balksa8wMx5vX6g5scXmsRXbOKGSnjxsvA3wJC/D7Uu8JO/YuwS0lrTzEMq |
35 |
ZhDAKw5Ykj+c/oMknKgYk8IAfYnSjLbiNX0ecM9QNe0gzOnMSNT7g5UIVZGes+lC |
36 |
G8tVg2XhWyLlYx+rRapOfsjI37vHj8L5Yf4cFUe1uMntVmd1ReUIUzcAWoqJCUmC |
37 |
hEUq7hxmUKisu1H5lfuSbc7Ji/2B8IOjT7iBIw20yh5HTAru7VzhX4AIJ+tFdt6L |
38 |
4jXlvwqmyqWCYW9s2W+Et45TAMDOoDR9r0WU7s1tpcIagNW4RSc82lFyL0vf8V9W |
39 |
KCNJEOtQ8J+rDGPF/PGD |
40 |
=7wDI |
41 |
-----END PGP SIGNATURE----- |