From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 26614 invoked from network); 8 Nov 2004 00:17:39 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 8 Nov 2004 00:17:39 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CQxE3-0002gp-RB for arch-gentoo-security@lists.gentoo.org; Mon, 08 Nov 2004 00:17:39 +0000 Received: (qmail 18268 invoked by uid 89); 8 Nov 2004 00:17:17 +0000 Mailing-List: contact gentoo-security-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-security@gentoo.org Received: (qmail 5599 invoked from network); 8 Nov 2004 00:17:17 +0000 Date: Mon, 8 Nov 2004 00:17:17 +0000 From: Kurt Lieber To: gentoo-security@lists.gentoo.org Message-ID: <20041108001717.GO10927@mail.lieber.org> Mail-Followup-To: gentoo-security@lists.gentoo.org References: <418D310B.6050106@ahsoftware.de> <87sm7lvm17.fsf@peti.cryp.to> <20041107154046.GG10927@mail.lieber.org> <20041107120135.C9045@netdirect.ca> <20041107232655.GN10927@mail.lieber.org> <87zn1tqks5.fsf_-_@peti.cryp.to> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="0lUWL3nN4GV0+Ptw" Content-Disposition: inline In-Reply-To: <87zn1tqks5.fsf_-_@peti.cryp.to> X-GPG-Key: http://www.lieber.org/kurtl.pub.gpg User-Agent: Mutt/1.5.6i Subject: Re: [gentoo-security] No, apparently not. (was: Is anybody else worried about this?) X-Archives-Salt: b8a72e7c-9897-4832-a186-7219df50c6c0 X-Archives-Hash: 966ec2bfb824aae029807570d52aa296 --0lUWL3nN4GV0+Ptw Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline On Mon, Nov 08, 2004 at 12:52:42AM +0100 or thereabouts, Peter Simons wrote: > There is a certain irony to the fact that you (and others) > go on and on lecturing me (and others), all the while it is > perfectly obvious that you have absolutely no idea what this > problem really *means*. Perhaps you haven't done a good job of educating us, then. I will say that I was one of the folks arguing most strongly for getting ebuild signing support in portage, so I certainly see the value in that feature. I also see the value in getting signed eclasses in portage, but I believe that value to be less and not as important as other things within portage that I'd like to see. > So if you guys would like to be the laughing stock of the > free software community once this vulnerability is exploited > for the first time, all I say is: Be my guest. Gentoo is a community-based distribution. I'm sorry you see it as an "us vs. them" thing. I'm also sorry you apparently ignored the part where I said that if you believe this to be a serious problem, then please feel free to provide patches that fix it. Being a community-based distro, we rely on each other to make Gentoo a better distribution. We don't wait for "them" to fix problems. Instead, we roll up our sleeves and become part of the solution. Just because I don't personally agree with your interpretation of this issue doesn't mean that you can't fix it. --kurt --0lUWL3nN4GV0+Ptw Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBjrsNJPpRNiftIEYRAoXeAJsFehX6AwgLiGP8VLydbpOYbSkYcQCfWw5q y+pZ2jDaL2FDsbCZXwnf+es= =AS5M -----END PGP SIGNATURE----- --0lUWL3nN4GV0+Ptw--