On Monday 09 September 2013 10:00:25 Michael Orlitzky wrote:
> No. There's a GLEP for some of these issues:
> 
>   https://www.gentoo.org/proj/en/glep/glep-0057.html
> 
> The relevant part is,
> 
>   ...any non-Gentoo controlled rsync mirror can modify executable code;
>   as much of this code is per default run as root a malicious mirror
>   could compromise hundreds of systems per day - if cloaked well
>   enough, such an attack could run for weeks before being noticed.

I noticed there's another GLEP which eliminates the mirror problem: 
http://www.gentoo.org/proj/en/glep/glep-0058.html

It's marked as accepted. I hope they'll implement it in reasonable time.
