Re: [gentoo-dev] Tree signing and verification on the user side - status?

2017-04-04 Thread Kristian Fiskerstrand
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or

[gentoo-dev] Last rites: gnome-extra/gnome-shell-extensions-topicons

2017-04-04 Thread Mart Raudsepp
# Mart Raudsepp (04 Apr 2017) # Masked for removal in 30 days. Does not work with new # gnome-base/gnome-shell. # gnome-extra/gnome-shell-extensions-topicons-plus is a # fork that has added features and works with modern # gnome-shell that is suitable as a system-wide replacement

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-04 Thread Chí-Thanh Christopher Nguyễn
Michał Górny schrieb: I think the first reasonable change would be to deprecate SHA256. It is pretty much the same algorithm as SHA512, except for different parameters. It is weaker than SHA512, and SHA512 is supported on all existing platforms anyway. I think there is nothing wrong or

Re: [gentoo-dev] Tree signing and verification on the user side - status?

2017-04-04 Thread Dirkjan Ochtman
On Tue, Apr 4, 2017 at 12:03 PM, Andreas K. Huettel wrote: >> while we're discussing super-strength hash algos, it would be cool to know >> what's still missing for >> * rsync-side manifest signing in whatever way >> * verification of such signatures in portage / emerge >> >

Re: [gentoo-dev] Tree signing and verification on the user side - status?

2017-04-04 Thread Andreas K. Huettel
> > while we're discussing super-strength hash algos, it would be cool to know > what's still missing for > * rsync-side manifest signing in whatever way > * verification of such signatures in portage / emerge > (and just to put it in a reference frame, I'm these days reading mailing list

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-04 Thread Kristian Fiskerstrand
[Sent from my iPad, as it is not a secured device there are no cryptographic keys on this device, meaning this message is sent without an OpenPGP signature. In general you should *not* rely on any information sent over such an unsecure channel, if you find any information controversial or