From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1LgFnI-0000LU-9p for garchives@archives.gentoo.org; Sun, 08 Mar 2009 09:59:40 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 1FBB5E0675; Sun, 8 Mar 2009 09:59:39 +0000 (UTC) Received: from mail.fraggod.net (unknown [91.191.238.58]) by pigeon.gentoo.org (Postfix) with ESMTP id D9511E0675 for ; Sun, 8 Mar 2009 09:59:38 +0000 (UTC) Received: from coercion (coercion.core [IPv6:2001:470:1f0b:11de::13]) (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by mail.fraggod.net (Postfix) with ESMTPSA id B05D8101FDC for ; Sun, 8 Mar 2009 14:59:37 +0500 (YEKT) Date: Sun, 8 Mar 2009 14:56:21 +0500 From: Mike Kazantsev To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] getting digest verification failed when emerging bittorrent Message-ID: <20090308145622.42f658d8@coercion> In-Reply-To: <20090308092519.433c39f8@krikkit.digimed.co.uk> References: <18866.58662.461863.309516@ccs.covici.com> <200903072334.59786.alan.mckinnon@gmail.com> <49B2ED0E.9060605@gmail.com> <20090308092519.433c39f8@krikkit.digimed.co.uk> X-Mailer: Claws Mail 3.7.1 (GTK+ 2.14.7; i686-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_/UBrbLOqx81Dk1ijB+YKOy/3"; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Archives-Salt: 6fce1c58-1113-4077-92ae-e43d639063c7 X-Archives-Hash: 53592a38da7cee807e41557cc863fe22 --Sig_/UBrbLOqx81Dk1ijB+YKOy/3 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Sun, 8 Mar 2009 09:25:19 +0000 Neil Bothwick wrote: > Don't redigest a distfile unless you can e 100% certain of its validity. On the other hand, the rule can go like this: Always redigest when downloading from official source, unless you can be 100% sure that you've rsync'ed with the valid (tm) mirror, not some third-party-in-the-middle impersonation or malicious developer contribution. --=20 Mike Kazantsev // fraggod.net --Sig_/UBrbLOqx81Dk1ijB+YKOy/3 Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux) iEYEARECAAYFAkmzlkoACgkQASbOZpzyXnGF4wCgi3bfbqWQXztD3jeTkZzzGQ4T uB0Ani213YtQpaQFyn8Xcu6xUFnhFkWB =loL8 -----END PGP SIGNATURE----- --Sig_/UBrbLOqx81Dk1ijB+YKOy/3--