From: Andrew Savchenko <bircoph@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] ChangeLog
Date: Wed, 4 Nov 2015 11:56:07 +0300 [thread overview]
Message-ID: <20151104115607.b0fda71683cab25d1a337169@gentoo.org> (raw)
In-Reply-To: <56361950.3010101@gentoo.org>
[-- Attachment #1: Type: text/plain, Size: 877 bytes --]
On Sun, 1 Nov 2015 14:53:20 +0100 hasufell wrote:
> >> You shouldn't use rsync anymore, it is inherently insecure. The git
> >> tree is _properly_ gpg signed so you can verify it's correctness.
> >>
> >> With the following portage configuration/hooks, any user can run the
> >> tree directly from git:
> >> https://github.com/hasufell/portage-gentoo-git-config
> >
> > More secure by fetching metadata cache via rsync ?
> > Better by running egencache after each sync ?
> > I don't think so.
> >
>
> Yes it is.
No, it is not. The whole git tree is insecure and no better than
rsync or CVS in terms of data security because SHA1 is vulnerable.
What we really need for security is GnuPG-signed tree. Right now we
have only signed commits and pushes. This is work in progress if
understand correctly current situation.
Best regards,
Andrew Savchenko
[-- Attachment #2: Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-11-04 16:14 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-01 12:16 [gentoo-dev] ChangeLog Patrick Lauer
2015-11-01 12:22 ` Anthony G. Basile
2015-11-02 20:05 ` Daniel Campbell
2015-11-02 20:22 ` Vadim A. Misbakh-Soloviov
2015-11-02 21:17 ` Aaron W. Swenson
2015-11-03 4:24 ` Jeroen Roovers
2015-11-03 14:33 ` Aaron W. Swenson
2015-11-01 12:33 ` Мисбах-Соловьёв Вадим
2015-11-01 12:53 ` Rich Freeman
2015-11-01 13:25 ` Patrick Lauer
2015-11-03 21:17 ` Pacho Ramos
2015-11-01 13:24 ` hasufell
2015-11-01 13:28 ` Patrick Lauer
2015-11-01 13:33 ` hasufell
2015-11-01 13:47 ` Alexis Ballier
2015-11-01 13:53 ` hasufell
2015-11-04 8:56 ` Andrew Savchenko [this message]
2015-11-04 16:18 ` hasufell
2015-11-04 16:28 ` Kristian Fiskerstrand
2015-11-04 16:33 ` Chí-Thanh Christopher Nguyễn
2015-11-04 16:38 ` hasufell
2015-11-04 16:44 ` Chí-Thanh Christopher Nguyễn
2015-11-04 17:23 ` hasufell
2015-11-01 14:19 ` Rich Freeman
2015-11-01 15:00 ` Alexis Ballier
2015-11-01 15:17 ` Rich Freeman
2015-11-01 15:24 ` Alexis Ballier
2015-11-01 17:26 ` Rich Freeman
2015-11-01 22:10 ` Alexis Ballier
2015-11-01 15:29 ` [gentoo-dev] ChangeLog Martin Vaeth
2015-11-01 17:31 ` Rich Freeman
2015-11-01 13:51 ` [gentoo-dev] ChangeLog Мисбах-Соловьёв Вадим
2015-11-01 13:57 ` hasufell
2015-11-01 16:01 ` [gentoo-dev] ChangeLog Martin Vaeth
2015-11-01 16:19 ` Мисбах-Соловьёв Вадим
2015-11-01 16:30 ` Ciaran McCreesh
2015-11-01 16:34 ` Мисбах-Соловьёв Вадим
2015-11-01 20:33 ` Martin Vaeth
2015-11-01 20:38 ` Kristian Fiskerstrand
2015-11-01 20:59 ` Rich Freeman
2015-11-01 21:26 ` Martin Vaeth
2015-11-01 20:24 ` Martin Vaeth
2015-11-02 12:10 ` Tobias Klausmann
2015-11-01 22:38 ` Chí-Thanh Christopher Nguyễn
2015-11-01 16:11 ` [gentoo-dev] ChangeLog Мисбах-Соловьёв Вадим
2015-11-01 22:30 ` Michael Orlitzky
2015-11-02 1:22 ` [gentoo-dev] ChangeLog Duncan
2015-11-02 1:56 ` Rich Freeman
2015-11-02 6:08 ` Dale
2015-11-02 12:06 ` Rich Freeman
2015-11-02 20:00 ` Dale
2015-11-02 20:09 ` Ciaran McCreesh
2015-11-02 21:54 ` Dale
2015-11-02 22:02 ` hasufell
2015-11-03 1:20 ` Dale
2015-11-03 1:52 ` Matt Turner
2015-11-03 2:15 ` Dale
2015-11-03 7:22 ` Patrick Lauer
2015-11-03 12:00 ` Rich Freeman
2015-11-03 15:04 ` Chí-Thanh Christopher Nguyễn
2015-11-03 15:16 ` hasufell
2015-11-03 15:28 ` Rich Freeman
2015-11-05 14:33 ` Alexis Ballier
2015-11-07 4:25 ` Raymond Jennings
2015-11-07 22:24 ` Robin H. Johnson
2015-11-03 2:12 ` Rich Freeman
2015-11-03 2:31 ` Dale
2015-11-03 3:17 ` Rich Freeman
2015-11-03 6:43 ` Duncan
2015-11-03 6:52 ` Duncan
2015-11-03 11:41 ` Rich Freeman
2015-11-03 8:07 ` Dale
2015-11-03 2:32 ` Dale
2015-11-02 21:40 ` Daniel Campbell
2015-11-02 6:24 ` Patrick Lauer
2015-11-02 12:17 ` Rich Freeman
2015-11-02 8:04 ` Duncan
2015-11-02 2:04 ` Michael Orlitzky
2015-11-02 6:27 ` Patrick Lauer
2015-11-02 15:04 ` Michael Orlitzky
2015-11-14 16:36 ` Peter Stuge
2015-11-02 5:50 ` [gentoo-dev] ChangeLog - Infra Response Robin H. Johnson
2015-11-02 6:18 ` Michał Górny
2015-11-02 7:05 ` Ulrich Mueller
2015-11-02 20:18 ` Robin H. Johnson
2015-11-05 11:54 ` Alexis Ballier
2015-11-05 12:39 ` Ulrich Mueller
2015-11-07 23:07 ` Markos Chandras
2015-11-08 11:34 ` Andreas K. Huettel
2015-11-11 23:11 ` [gentoo-dev] ChangeLog - Infra Response; update 2015/11/11, potential impact to 30min rsync cycle Robin H. Johnson
2015-11-12 2:08 ` [gentoo-dev] " Duncan
2015-11-12 10:46 ` [gentoo-dev] " Alexis Ballier
2015-11-12 10:49 ` Jason Zaman
2015-11-12 10:52 ` Alexis Ballier
2015-11-12 10:57 ` Alexander Tsoy
2015-11-12 11:50 ` Alexander Tsoy
2015-11-12 11:12 ` Ulrich Mueller
2015-11-15 8:01 ` [gentoo-dev] " Ryan Hill
2015-11-14 17:01 ` [gentoo-dev] " Peter Stuge
2015-11-18 14:48 ` Peter Stuge
2015-11-18 17:55 ` Michael Orlitzky
2015-11-18 18:01 ` Michael Orlitzky
2015-11-02 16:37 ` [gentoo-dev] ChangeLog - Infra Response Brian Dolbec
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151104115607.b0fda71683cab25d1a337169@gentoo.org \
--to=bircoph@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox