Mailing List Archive

On Fri, Nov 12, 2004 at 10:47:11AM -0500 or thereabouts, Chris Frey wrote:
> I'm just curious if there is any plan to install Peter's patch. I haven't
> heard any explanations of why it won't work, since it only signs a checksum
> of the tarball, so shouldn't have any load or bandwidth drawbacks.

This has already been discussed on the list. I made the original
suggestion regarding singning snapshots in the first place, so of course
I'm willing to implement the patch.

I have the script on the main server right now -- it's just not in
production yet. I've got one or two small issues to iron out and then
it will be rolled out. At this point, nobody has written code to modify
emerge-webrsync to support the signed snapshots. Until that happens,
checking will be left to the user to perform manually.

And, to answer the next question: Real Soon Now.

--kurt

Whoohoo! :-)

Thanks Kurt,
- Chris


On Fri, Nov 12, 2004 at 04:27:49PM +0000, Kurt Lieber wrote:
> On Fri, Nov 12, 2004 at 10:47:11AM -0500 or thereabouts, Chris Frey wrote:
> > I'm just curious if there is any plan to install Peter's patch. I haven't
> > heard any explanations of why it won't work, since it only signs a checksum
> > of the tarball, so shouldn't have any load or bandwidth drawbacks.
>
> This has already been discussed on the list. I made the original
> suggestion regarding singning snapshots in the first place, so of course
> I'm willing to implement the patch.
>
> I have the script on the main server right now -- it's just not in
> production yet. I've got one or two small issues to iron out and then
> it will be rolled out. At this point, nobody has written code to modify
> emerge-webrsync to support the signed snapshots. Until that happens,
> checking will be left to the user to perform manually.
>
> And, to answer the next question: Real Soon Now.
>
> --kurt



--
gentoo-security@gentoo.org mailing list