From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1R9I8i-0002vy-Hg for garchives@archives.gentoo.org; Thu, 29 Sep 2011 15:03:08 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 9484E21C2E9; Thu, 29 Sep 2011 15:02:54 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 46E8821C0B0 for ; Thu, 29 Sep 2011 15:02:20 +0000 (UTC) Received: from [192.168.3.7] (cpe-74-77-238-39.buffalo.res.rr.com [74.77.238.39]) (using TLSv1 with cipher DHE-RSA-CAMELLIA256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: blueness) by smtp.gentoo.org (Postfix) with ESMTPSA id AAC7C64B0A for ; Thu, 29 Sep 2011 15:02:19 +0000 (UTC) Message-ID: <4E848879.2050100@gentoo.org> Date: Thu, 29 Sep 2011 11:02:17 -0400 From: "Anthony G. Basile" User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.20) Gecko/20110919 Lightning/1.0b3pre Lanikai/3.1.12 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 To: Gentoo Development Subject: [gentoo-dev] Manifest signing X-Enigmail-Version: 1.1.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-Archives-Salt: X-Archives-Hash: b9d62423c01aa883724c9fbf8850a18b Hi everyone, The issue of Manifest signing came up in #gentoo-hardened channel ... again. Its clearly a security issue and yet many manifests in the tree are still not signed. Is there any chance that we can agree to reject unsigned manifests? Possibly a question for the Council to adjudicate? -- Anthony G. Basile, Ph.D. Gentoo Linux Developer [Hardened] E-Mail : blueness@gentoo.org GnuPG FP : 8040 5A4D 8709 21B1 1A88 33CE 979C AF40 D045 5535 GnuPG ID : D0455535