* [gentoo-dev] Idea about signing ebuilds
@ 2002-06-06 18:56 99% Alexander Holler
0 siblings, 0 replies; 1+ results
From: Alexander Holler @ 2002-06-06 18:56 UTC (permalink / raw
To: gentoo-dev
Hello,
what do you think about signing the ebuilds and digests with gpg?
That would make it harder for blackhats to introduce a worm or something
similiar (if they have got access to an rsync mirror).
My idea is to automatically sign the released ebuilds (before mirroring
them) with a key of gentoo.org.
Then emerge could check the sign and could discard wrong ebuilds or just
throws a warning (preferable customized with make.conf).
Just my 2 cents. ;)
Alexander
^ permalink raw reply [relevance 99%]
Results 1-1 of 1 | reverse | options above
-- pct% links below jump to the message on this page, permalinks otherwise --
2002-06-06 18:56 99% [gentoo-dev] Idea about signing ebuilds Alexander Holler
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox