Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Gentoo>
  3. Security
Let's wrap this up shall we...
denisroy at spam
Nov 9, 2004, 8:37 PM
Post #1 of 2 (933 views)
Permalink
by not giving our here friend's Peter the attention he so crave.

Obviously he has nothing better to do than to bait people into flaming
him publicly or privately since it enables him the luxury of venting
through his replies.

As my good ole mother use to say: "just be wiser than your nagging
brother: ignore him, he'll eventually go away"

So let's ignore this problem and focus on the real one: coding ourselves
the best portage tree signing Peter could not himself do while he blows
his own little whistle on someone else's list.

On your mark, ready, filter :P

Denis Roy

--
gentoo-security@gentoo.org mailing list
Re: Let's wrap this up shall we... [ In reply to ]
koon at gentoo
Nov 10, 2004, 2:43 AM
Post #2 of 2 (873 views)
Permalink
Den wrote:

> by not giving our here friend's Peter the attention he so crave.
>
> Obviously he has nothing better to do than to bait people into flaming
> him publicly or privately since it enables him the luxury of venting
> through his replies.
>
> As my good ole mother use to say: "just be wiser than your nagging
> brother: ignore him, he'll eventually go away"
>
> So let's ignore this problem and focus on the real one: coding ourselves
> the best portage tree signing Peter could not himself do while he blows
> his own little whistle on someone else's list.
>
> On your mark, ready, filter :P

I think this thread wasn't completely useless. Hopefully it will help
speed up the implementation of the final and complete solution we've
underway since a long time.

This solution, nobody complained here it wasn't good. The only complaint
we heard was that it wasn't implemented fast enough. That's already a
big improvement... the last time this was brought up in gentoo-dev there
was another endless thread where everyone was telling THEIR solution was
the best. Good thing we finally reached consensus on what is the best
solution.

I'm pretty sure almost all Gentoo developers subscribed to this
particular list (gentoo-security) already do all they can so that this
final solution gets implemented the fastest possible. So yelling at
Gentoo developers here won't speed up anything. There are other
developers out there that don't think this is top-priority. They are the
one this thread should evangelize. And no, yelling at people is not the
best way to do evangelization.

This has been a long-term effort, and finally we're seeing good
progress, with portage signing support in 2.0.51 deployed. Having a
band-aid deployed as a temporary workaround while we're in the last
rounds will only delay further adoption of the one and real true
solution. If it's deployed, we'll have quite a bunch of devs saying
there is no need for them to create a package signing key since
everything is now "secure" thanks to this genius solution. It will
likely double the time needed for the final and complete (and auditable)
solution to be deployed.

Now that's a tradeoff.

--
Thierry Carrez
Operational Manager, Gentoo Linux Security

Attached Files:

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal