The recent discussion on how to protect the portage tree from
man-in-the-middle attacks has concentrated on signing either the portage
tarball or the individual files in the tree.
What about approaching the problem the way OpenBSD deals with its ports,
that is, with cvs over an ssh tunnel to authorized mirrors? The only
drawback I see is that many Gentoo users use rsync, but the cvs approach
could be added on top of what already exists, and security-conscious users
will then have the option of switching.
-------------------------------------------------------------------
Anthony G. Basile, Ph.D.
Director of Information Technology,
D'Youville College,
320 Porter Ave.
Buffalo NY, 14201
Work: (716) 829-8197 (voicemail)
--
gentoo-security@gentoo.org mailing list