On Sun, Feb 20, 2005 at 05:14:06PM -0500, Aron Griffis wrote:
> One more thing... I spent a long time talking with somebody at the
> booth about the security of the portage tree. I talked about our
> digests, manifests, and the fact that we're working on signing the
> manifests. He was pretty happy with the state of things, but it was a
> wake-up call to me that we need to get with enforcement of gpg signing
> manifests. AFAIK, the lack of enforcement is the only real weakness
> in our current setup.

Err... enforcement in terms of forcing devs to sign everything? That is only part of the pie. Take a _hard_ look at eclasses. Then, take an even _harder_ look at profile bashrc's, and what they technically are capable of, and the fact that all installations use a profile (atm, there isn't a common profile that all inherit from, but at some point it may occur).

So yeah. Assuming glep33 is greenlighted (a touch up will be posted in the next few days of it), eclass/elib signing I'll be handling. Profile signing is another beast that's needed, and help would be appreciated (as always, clean patches/discussion of how to do it properly/etc is always welcome).

Beyond that, to save the portage devs' sanity from people screaming "SHA1 is broken!" (it's not, just weakened), I'll be looking at centralizing, and making the digest code a bit more pluggable - basically do a handler setup, mapping a CHF to a function...

~brian

--
[email protected] mailing list
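
The handler setup sketched in the message above (a CHF name mapped to a function), as an added example that is not part of the original post and is not Portage's code. The registry, the `weakened` flag and the rule that at least one non-weakened digest must match are assumptions made for this example.

```python
import hashlib

# Hypothetical registry: CHF name -> (digest function, weakened flag).
HANDLERS = {}

def register(name, func, weakened=False):
    """Plug in a new CHF without touching the verification code."""
    HANDLERS[name] = (func, weakened)

def hashlib_handler(algo):
    """Build a handler that streams a file through a hashlib algorithm."""
    def digest(path):
        h = hashlib.new(algo)
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        return h.hexdigest()
    return digest

register("SHA1", hashlib_handler("sha1"), weakened=True)
register("SHA256", hashlib_handler("sha256"))
register("SHA512", hashlib_handler("sha512"))

def verify(path, recorded):
    """Check a file against recorded digests {CHF name: hex digest}.

    Returns (ok, notes). Any mismatch fails. A CHF with no handler is
    skipped with a note. Assumed policy: at least one digest from a
    non-weakened CHF must have matched for the file to pass.
    """
    notes = []
    strong_matched = False
    for name, expected in recorded.items():
        entry = HANDLERS.get(name)
        if entry is None:
            notes.append(f"{name}: no handler, skipped")
            continue
        func, weakened = entry
        if func(path) != expected.lower():
            notes.append(f"{name}: mismatch")
            return False, notes
        if not weakened:
            strong_matched = True
    if not strong_matched:
        notes.append("no non-weakened CHF verified")
        return False, notes
    return True, notes
```

Retiring a hash function then means changing one `register` call rather than every caller that computes a digest.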
