On 03/08/2015 07:59 AM, Patrick Schleizer wrote: > Zac Medico: >> On 03/06/2015 09:50 AM, Mark Kubacki wrote: >>> We're on the same side here. >>> >>> Do we have numbers showing the ratio "portage used with defaults" vs. >>> where "[webrsync-gpg] is described in many hardening guides for gentoo >>> and widely used among the security conscious" applies? >>> >>> DNS not being encrypted is just painting the whole picture. Point is, >>> the default is that "emerge --sync" results in a transfer using RSYNC >>> (or http). >>> >>> And by default you cannot compare the result with any authoritative source. >>> >> >> Ideally, we can rely on security mechanisms built into git [1], possibly >> involving signed commits. >> >> [1] https://github.com/gentoo/gentoo-portage-rsync-mirror > > Then the question is, how secure are signatures when used wit hgit?
And once we answer that question, the question is, is git secure enough for our needs? > A while ago I wrote a blog post asking that question, referencing a lot > related information, started a discussion and also posted this on the > git mailing list. > > "How safe are signed git tags? Only as safe as SHA-1 or somehow safer?" > [1] [2] > > Cheers, > Patrick > > [1] > https://www.whonix.org/blog/how-safe-are-signed-git-tags-only-as-safe-as-sha-1-or-somehow-safer > [2] http://www.mail-archive.com/git@vger.kernel.org/msg61087.html For the time being, I think that git is secure enough for our needs, and I trust that git will implement stronger security soon enough. -- Thanks, Zac