Hi, On 25 January 2018 at 14:35, Michał Górny <mgo...@gentoo.org> wrote: > > Starting with sys-apps/portage-2.3.22, Portage enables cryptographic > verification of the Gentoo rsync repository distributed over rsync > by default. This aims to prevent malicious third parties from altering > the contents of the ebuild repository received by our users.
<snip> I did not looked into the detailed implementation, however, please make sure integrity check handles the same cases we have applied to emerge-webrsync in the past, including: 1. Fast forward only in time, this is required to avoid hacker to redirect into older portage to install vulnerabilities that were approved at that time. 2. Content integrity, especially removal, as far as I understand, the mechanism will not enable to detect authorized removal of content. Regards, Alon
