Ciaran McCreesh wrote:
| Signing offers no protection against a malicious developer.

I had envisaged a system whereby when the tree was synced, as was some kind of master signed list of all acceptable dev-keys. Every package would also be signed, and would only be installed when signed. As soon as a dev becomes a liability their key is removed from the list/revoked.

On next sync any packages or package upgrades signed after the time of revocation would not be installed. There would be a window of vulnerability, but no bigger than with revoking a dev's access to the tree.

Do you think this would offer suitable protection for users from a malicious dev or not? I understand there are difficulties with eclasses, etc, which is why the current implementation is still not widely used or mandated, but I'm more interested in the feasibility of the idea.

Mike 5:)

--
gentoo-dev@lists.gentoo.org mailing list
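The install policy proposed in the message above, as an added example that is not part of the original post and is not Portage code. The key ids, package names, dates and the `decide`/`sync` helpers are constructed for illustration, and it assumes the master list's own signature and each package signature have already been verified cryptographically.

```python
from datetime import datetime, timezone

UTC = timezone.utc

# Constructed master list: key id -> revocation time (None = still accepted).
# Assumption: revocation is recorded with a timestamp rather than by deletion,
# so packages signed before that time can still be told apart from later ones.
MASTER_LIST = {
    "DEV-A": None,
    "DEV-B": datetime(2008, 4, 1, 12, 0, tzinfo=UTC),
}

def decide(pkg, master_list):
    """Return (install, reason) for one package under the proposed policy."""
    key = pkg.get("signer")
    if key is None:
        return False, "unsigned"
    if key not in master_list:
        return False, "key not on master list"
    revoked_at = master_list[key]
    # signed_at is the time carried in the signature; this example takes it
    # as given and does not cross-check it against any other clock.
    if revoked_at is not None and pkg["signed_at"] >= revoked_at:
        return False, "signed after revocation"
    return True, "ok"

def sync(packages, master_list):
    """Apply the policy to every package seen during one tree sync."""
    return {p["name"]: decide(p, master_list) for p in packages}

# Constructed sample packages covering each branch of the policy.
PACKAGES = [
    {"name": "app-a", "signer": "DEV-A",
     "signed_at": datetime(2008, 4, 2, tzinfo=UTC)},
    {"name": "app-b-old", "signer": "DEV-B",
     "signed_at": datetime(2008, 3, 20, tzinfo=UTC)},
    {"name": "app-b-new", "signer": "DEV-B",
     "signed_at": datetime(2008, 4, 2, tzinfo=UTC)},
    {"name": "app-c", "signer": "DEV-X",
     "signed_at": datetime(2008, 3, 1, tzinfo=UTC)},
    {"name": "app-d", "signer": None, "signed_at": None},
]

if __name__ == "__main__":
    for name, (ok, reason) in sync(PACKAGES, MASTER_LIST).items():
        print(f"{name:10} {'install' if ok else 'skip':8} {reason}")
```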