Date: Thu, 29 Sep 2011 17:09:57 +0200
From: Fabian Groffen
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Manifest signing
Message-ID: <20110929150957.GD704@gentoo.org>
In-Reply-To: <4E848879.2050100@gentoo.org>

On 29-09-2011 11:02:17 -0400, Anthony G. Basile wrote:
> The issue of Manifest signing came up in #gentoo-hardened channel ...
> again. It's clearly a security issue and yet many manifests in the tree
> are still not signed. Is there any chance that we can agree to reject
> unsigned manifests? Possibly a question for the Council to adjudicate?

Please refer to Mike's thread on this.
http://archives.gentoo.org/gentoo-dev/msg_7210bc8a18140db8f18ff89245efacd5.xml

-- 
Fabian Groffen
Gentoo on a different level