Marius Mauch wrote: > On Fri, 19 May 2006 12:28:04 -0400 > Peter <[EMAIL PROTECTED]> wrote: > >> Who signs the Manifests? Why are some unsigned? Is there a single >> Gentoo Security Key (like I know Slackware has and some other distros >> to ensure the authenticity of their files)? > > Because the whole signing stuff isn't official, there has been a > (partial) implementation plan a few years back, some people started to > use it but is has never become official, the implementation is > incomplete and there it can't and won't be enforced yet.
iirc, infra implemented signing of the daily portage snapshots. It was a crude/simple way to get our tree 'signed', but its far from a scalable nor proper solution. I think we only provided it since it didn't take much effort for us to at least implement it and it gave the anal people the ability to at least have some form of validity. It is one of the options I know of currently. Cheers- -- Lance Albertson <[EMAIL PROTECTED]> Gentoo Infrastructure | Operations Manager --- GPG Public Key: <http://www.ramereth.net/lance.asc> Key fingerprint: 0423 92F3 544A 1282 5AB1 4D07 416F A15D 27F4 B742 ramereth/irc.freenode.net
signature.asc
Description: OpenPGP digital signature
