From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 2045 invoked by uid 1002); 8 Sep 2003 00:27:48 -0000 Mailing-List: contact gentoo-dev-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Received: (qmail 4079 invoked from network); 8 Sep 2003 00:27:47 -0000 From: Jan Krueger Organization: microgalaxy.net To: azarah@gentoo.org Date: Mon, 8 Sep 2003 02:33:18 +0000 User-Agent: KMail/1.5.2 Cc: Chris Bainbridge , Gentoo-Dev References: <200309080150.28114.jk@microgalaxy.net> <1062980533.8455.220.camel@nosferatu.lan> In-Reply-To: <1062980533.8455.220.camel@nosferatu.lan> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200309080233.18134.jk@microgalaxy.net> Subject: Re: [gentoo-dev] suggestion portage ebuild system file modification rights and protection X-Archives-Salt: cc551906-6562-4910-9d9c-64e6dfe83a46 X-Archives-Hash: eae12c05fee601e49e0749786ec67385 On Monday 08 September 2003 00:22, Martin Schlemmer wrote: > > Thank you for this information. Sounds good :) > > unfortunatly i read it after i answered the mail of Jon Portnoy. > > I thought this is what Jon have been saying I did not read something about: "making individuals responsible for packages (like Debian)" or "to use signatures along with the concept of requiring a certain number of developers to "sign off" an ebuild. Its important that the compromise of a single developer with cvs access shouldn't impact thousands of users. Therefore, most packages should require two or more developer signatures before they will be installed." in the mail of Jon. Sorry. -- gentoo-dev@gentoo.org mailing list