From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 18213 invoked from network); 16 Nov 2004 17:16:49 +0000 Received: from smtp.gentoo.org (156.56.111.197) by lists.gentoo.org with AES256-SHA encrypted SMTP; 16 Nov 2004 17:16:49 +0000 Received: from lists.gentoo.org ([156.56.111.196] helo=parrot.gentoo.org) by smtp.gentoo.org with esmtp (Exim 4.41) id 1CU6wj-0002yg-NU for arch-gentoo-security@lists.gentoo.org; Tue, 16 Nov 2004 17:16:49 +0000 Received: (qmail 13717 invoked by uid 89); 16 Nov 2004 17:16:28 +0000 Mailing-List: contact gentoo-security-help@gentoo.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-security@gentoo.org Received: (qmail 12497 invoked from network); 16 Nov 2004 17:16:27 +0000 Date: Tue, 16 Nov 2004 17:16:27 +0000 From: Kurt Lieber To: gentoo-security@lists.gentoo.org Message-ID: <20041116171627.GH32117@mail.lieber.org> Mail-Followup-To: gentoo-security@gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="DQpa7ozeLWh50je8" Content-Disposition: inline X-GPG-Key: http://www.lieber.org/kurtl.pub.gpg User-Agent: Mutt/1.5.6i Subject: [gentoo-security] update on signed snapshots X-Archives-Salt: 2ead8b13-4ca9-489c-81fe-22efe8cea9c7 X-Archives-Hash: 36183d89774092c76a885f8301f028e8 --DQpa7ozeLWh50je8 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline For those who have expressed an interest in signed snapshots, here's an update. CURRENT STATUS ============== The 2004.3 release stuff got me a bit side-tracked, but as of tomorrow, we should have the first officially signed snapshot available on our mirrors. For reference, the main mirror is here: http://gentoo.osuosl.org/snapshots/ So if the files are there, then all is working correctly. The GPG key ID is: D8BA32AA The fingerprint is: 8861 8228 9048 D40B 3C3B ADDA 6DC2 26AA D8BA 32AA It is currently available on (at least) pgp.mit.edu and keyserver.net. I haven't figured out a good place to post it on the web site, so I'm open to suggestions. NEXT STEPS ========== Make sure the signatures are working as expected and that they don't cause any other unforseen problems. NEEDS TO BE DONE ================ So far, nobody has written a patch that will modify emerge-webrsync to check these signatures. For now, you will have to check things manually. If/when someone does submit a patch, I will pass it along to the emerge-webrsync maintainer. There is also a chance that one of the devs will make the changes as well, but no commitments have been made. --kurt --DQpa7ozeLWh50je8 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFBmjXrJPpRNiftIEYRAsklAJ9YH6pd/eeg19pKM+VEwxBfaGnlPACfRoLo 6SZ5gv4lYyxtFzRI+2onY+k= =aA+B -----END PGP SIGNATURE----- --DQpa7ozeLWh50je8--