On Thu, 2004-01-15 at 13:44, Norbert Kamenicky wrote: > Jason Stubbs wrote: > >>>This is a very good reason for all those who go directly to "updating" the > >>>digest after a couple of failed downloads to think again the next time. > >>>That is unless you like root exploits and such like was discovered in the > >>>kernel recently. > > > > > > For those that are interested, it turns out that kde.org was at fault and the > > listed digest was in fact incorrect. > > Yes, u a right, it can be dangerous. > I just answered the question, but do not upgrade yet. > I'll wait minimum until the problem is explained/solved. > The same strategy I recommend to everybody. > > Anyway I thing if gentoo root server is exploited, > then it can't be a problem for attacker to replace both > source and digest. > To prevent such behavior probably some another > digital signature from developer authority is needed > let it be immediately recognized by all of us. > > noro > > > -- > [EMAIL PROTECTED] mailing list
The problem is fixed now if you do an "emerge sync" again, that fixed it for me. The digital signing of ebuilds, etc. is something that is being worked on in portage. I don't think it will be available before portage-ng though -- Brian <[EMAIL PROTECTED]> -- [EMAIL PROTECTED] mailing list
