On 10/27/2016 10:38 AM, Brian Dolbec wrote:
> On Thu, 27 Oct 2016 10:16:42 -0700
> Zac Medico wrote:
>
>> Use gkeys to verify gpg signatures by default. Refresh the gentoo
>> snapshot signing key before signature verification, in order to ensure
>> that the latest revocation
On 10/27/2016 11:09 AM, Alexander Berntsen wrote:
> On 27/10/16 19:16, Zac Medico wrote:
>> Use gkeys to verify gpg signatures by default. Refresh the gentoo
>> snapshot signing key before signature verification, in order to
>> ensure that the latest revocation data is available. Add an
>>
On 27/10/16 19:16, Zac Medico wrote:
> Use gkeys to verify gpg signatures by default. Refresh the gentoo
> snapshot signing key before signature verification, in order to
> ensure that the latest revocation data is available. Add an
> --insecure option which disables gpg signature verification.
On Thu, 27 Oct 2016 10:16:42 -0700
Zac Medico wrote:
> Use gkeys to verify gpg signatures by default. Refresh the gentoo
> snapshot signing key before signature verification, in order to ensure
> that the latest revocation data is available. Add an --insecure option
> which
Use gkeys to verify gpg signatures by default. Refresh the gentoo
snapshot signing key before signature verification, in order to ensure
that the latest revocation data is available. Add an --insecure option
which disables gpg signature verification. Warn about man-in-the-middle
attacks when the