Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918)

On 10/27/2016 10:38 AM, Brian Dolbec wrote: > On Thu, 27 Oct 2016 10:16:42 -0700 > Zac Medico wrote: > >> Use gkeys to verify gpg signatures by default. Refresh the gentoo >> snapshot signing key before signature verification, in order to ensure >> that the latest revocation

Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918)

On 10/27/2016 11:09 AM, Alexander Berntsen wrote: > On 27/10/16 19:16, Zac Medico wrote: >> Use gkeys to verify gpg signatures by default. Refresh the gentoo >> snapshot signing key before signature verification, in order to >> ensure that the latest revocation data is available. Add an >>

Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918)

On 27/10/16 19:16, Zac Medico wrote: > Use gkeys to verify gpg signatures by default. Refresh the gentoo > snapshot signing key before signature verification, in order to > ensure that the latest revocation data is available. Add an > --insecure option which disables gpg signature verification.

Re: [gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918)

On Thu, 27 Oct 2016 10:16:42 -0700 Zac Medico wrote: > Use gkeys to verify gpg signatures by default. Refresh the gentoo > snapshot signing key before signature verification, in order to ensure > that the latest revocation data is available. Add an --insecure option > which

[gentoo-portage-dev] [PATCH] emerge-webrsync: use gkeys to verify gpg signatures (bug 597918)

Use gkeys to verify gpg signatures by default. Refresh the gentoo snapshot signing key before signature verification, in order to ensure that the latest revocation data is available. Add an --insecure option which disables gpg signature verification. Warn about man-in-the-middle attacks when the