For those who have expressed an interest in signed snapshots, here's an
update.
CURRENT STATUS
==============
The 2004.3 release stuff got me a bit side-tracked, but as of tomorrow, we
should have the first officially signed snapshot available on our mirrors.
For reference, the main mirror is here:
http://gentoo.osuosl.org/snapshots/
So if the files are there, then all is working correctly.
The GPG key ID is: D8BA32AA
The fingerprint is: 8861 8228 9048 D40B 3C3B ADDA 6DC2 26AA D8BA 32AA
It is currently available on (at least) pgp.mit.edu and keyserver.net. I
haven't figured out a good place to post it on the web site, so I'm open to
suggestions.
NEXT STEPS
==========
Make sure the signatures are working as expected and that they don't cause
any other unforseen problems.
NEEDS TO BE DONE
================
So far, nobody has written a patch that will modify emerge-webrsync to
check these signatures. For now, you will have to check things manually.
If/when someone does submit a patch, I will pass it along to the
emerge-webrsync maintainer. There is also a chance that one of the devs
will make the changes as well, but no commitments have been made.
--kurt
update.
CURRENT STATUS
==============
The 2004.3 release stuff got me a bit side-tracked, but as of tomorrow, we
should have the first officially signed snapshot available on our mirrors.
For reference, the main mirror is here:
http://gentoo.osuosl.org/snapshots/
So if the files are there, then all is working correctly.
The GPG key ID is: D8BA32AA
The fingerprint is: 8861 8228 9048 D40B 3C3B ADDA 6DC2 26AA D8BA 32AA
It is currently available on (at least) pgp.mit.edu and keyserver.net. I
haven't figured out a good place to post it on the web site, so I'm open to
suggestions.
NEXT STEPS
==========
Make sure the signatures are working as expected and that they don't cause
any other unforseen problems.
NEEDS TO BE DONE
================
So far, nobody has written a patch that will modify emerge-webrsync to
check these signatures. For now, you will have to check things manually.
If/when someone does submit a patch, I will pass it along to the
emerge-webrsync maintainer. There is also a chance that one of the devs
will make the changes as well, but no commitments have been made.
--kurt