Re: [gentoo-dev] Manifest signing

2011-11-03 Thread Robin H. Johnson
On Thu, Nov 03, 2011 at 10:55:52PM +0100, enno+gen...@groeper-berlin.de wrote: > >> If it is (also) for the users, why is there no code for it in portage > >> anymore [3]? > > Hmm, I hadn't see that removal, but it makes sense unless the entire > > tree is developer-signed, which isn't likely to ha

Re: [gentoo-dev] Manifest signing

2011-11-03 Thread enno+gentoo
Hi, Am 02.11.2011 17:11, schrieb Robin H. Johnson: > On Wed, Nov 02, 2011 at 01:03:21PM +0100, enno+gen...@groeper-berlin.de wrote: >> I followed the threads about manifest signing with interest and even had >> a look at the manifest signing guide [4]. Sounds nice at first view. >> But, please cor

Re: [gentoo-dev] Manifest signing

2011-11-02 Thread Robin H. Johnson
On Wed, Nov 02, 2011 at 01:03:21PM +0100, enno+gen...@groeper-berlin.de wrote: > I followed the threads about manifest signing with interest and even had > a look at the manifest signing guide [4]. Sounds nice at first view. > But, please correct me, if I'm wrong. I didn't find a place where these

Re: [gentoo-dev] Manifest signing

2011-11-02 Thread enno+gentoo
Hello, Am 29.09.2011 17:02, schrieb Anthony G. Basile: > Hi everyone, > > The issue of Manifest signing came up in #gentoo-hardened channel ... > again. Its clearly a security issue and yet many manifests in the tree > are still not signed. Is there any chance that we can agree to reject > unsi

Re: [gentoo-dev] Manifest signing

2011-09-29 Thread Fabian Groffen
On 29-09-2011 11:02:17 -0400, Anthony G. Basile wrote: > The issue of Manifest signing came up in #gentoo-hardened channel ... > again. Its clearly a security issue and yet many manifests in the tree > are still not signed. Is there any chance that we can agree to reject > unsigned manifests? Po

Re: [gentoo-dev] Manifest signing

2011-09-29 Thread Tony "Chainsaw" Vroon
On 29/09/11 16:02, Anthony G. Basile wrote: > Is there any chance that we can agree to reject > unsigned manifests? Possibly a question for the Council to adjudicate? I am happy to back a mandatory signing policy for the main gentoo-x86 tree. This is a simple yes or no question that the council c

[gentoo-dev] Manifest signing

2011-09-29 Thread Anthony G. Basile
Hi everyone, The issue of Manifest signing came up in #gentoo-hardened channel ... again. Its clearly a security issue and yet many manifests in the tree are still not signed. Is there any chance that we can agree to reject unsigned manifests? Possibly a question for the Council to adjudicate?