From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26962 invoked by uid 1002); 7 Sep 2003 20:28:43 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 28838 invoked from network); 7 Sep 2003 20:28:43 -0000 From: Jan Krueger Organization: microgalaxy.net To: Jon Portnoy Date: Sun, 7 Sep 2003 22:34:06 +0000 User-Agent: KMail/1.5.2 Cc: azarah@gentoo.org, Gentoo-Dev , Thomas de Grenier de Latour References: <200309072143.47126.jk@microgalaxy.net> <20030907195643.GA6310@cerberus.oppresses.us> In-Reply-To: <20030907195643.GA6310@cerberus.oppresses.us> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200309072234.06470.jk@microgalaxy.net> Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection X-Archives-Salt: ae23e786-c600-4977-b3df-334fe247b149 X-Archives-Hash: 975b3f59260885445130d441ed3dde37 On Sunday 07 September 2003 19:56, Jon Portnoy wrote: > The vulnerability at that point is compromised keys, which is why we > would have an uberkey so we can revoke developer keys as soon as > possible. It's not foolproof, but it's a whole lot better. I agree. But thats no excuse to not fix the security/consitency faults in portage that showed up in this discussion. You never know ... It may already be to late for thousends of users until someone of gentoo-core uses the ueberkey, especially in holiday seasons. Or has core, especially in key questions, an availablity of 24/7? > There is no such thing as perfect security short of shutting down your > computer. Yes, you never know... Thats why i would prefer a secure transport layer for emerge, you know? Jan -- gentoo-dev@gentoo.org mailing list