On 03/08/2015 08:02 AM, Mark Kubacki wrote:
> On 03/06/2015 09:50 AM, Mark Kubacki wrote:
>>
>> And by default you cannot compare the result with any authoritative source.
>
> 2015-03-08 0:26 GMT+01:00 Zac Medico :
>>
>> Ideally, we can rely on security mechanisms built into git [1], possibly
>> i
On 03/08/2015 07:59 AM, Patrick Schleizer wrote:
> Zac Medico:
>> On 03/06/2015 09:50 AM, Mark Kubacki wrote:
>>> We're on the same side here.
>>>
>>> Do we have numbers showing the ratio "portage used with defaults" vs.
>>> where "[webrsync-gpg] is described in many hardening guides for gentoo
>>>
On 03/06/2015 09:50 AM, Mark Kubacki wrote:
>
> And by default you cannot compare the result with any authoritative source.
2015-03-08 0:26 GMT+01:00 Zac Medico :
>
> Ideally, we can rely on security mechanisms built into git [1], possibly
> involving signed commits.
Some brownfield thinking here
Zac Medico:
> On 03/06/2015 09:50 AM, Mark Kubacki wrote:
>> We're on the same side here.
>>
>> Do we have numbers showing the ratio "portage used with defaults" vs.
>> where "[webrsync-gpg] is described in many hardening guides for gentoo
>> and widely used among the security conscious" applies?
>
On Sat, 07 Mar 2015 18:31:44 -0800
Zac Medico wrote:
> On 03/07/2015 05:24 PM, Brian Dolbec wrote:
> > On Sat, 07 Mar 2015 15:26:26 -0800
> > Zac Medico wrote:
> >
> >> On 03/06/2015 09:50 AM, Mark Kubacki wrote:
> >>> We're on the same side here.
> >>>
> >>> Do we have numbers showing the rati
On 03/07/2015 05:24 PM, Brian Dolbec wrote:
> On Sat, 07 Mar 2015 15:26:26 -0800
> Zac Medico wrote:
>
>> On 03/06/2015 09:50 AM, Mark Kubacki wrote:
>>> We're on the same side here.
>>>
>>> Do we have numbers showing the ratio "portage used with defaults"
>>> vs. where "[webrsync-gpg] is describ
On Sat, 07 Mar 2015 15:26:26 -0800
Zac Medico wrote:
> On 03/06/2015 09:50 AM, Mark Kubacki wrote:
> > We're on the same side here.
> >
> > Do we have numbers showing the ratio "portage used with defaults"
> > vs. where "[webrsync-gpg] is described in many hardening guides for
> > gentoo and wid
On 03/06/2015 09:50 AM, Mark Kubacki wrote:
> We're on the same side here.
>
> Do we have numbers showing the ratio "portage used with defaults" vs.
> where "[webrsync-gpg] is described in many hardening guides for gentoo
> and widely used among the security conscious" applies?
>
> DNS not being
2015-03-06 1:56 GMT+01:00 Rick "Zero_Chaos" Farina :
>
> tl;dr webrsync-gpg is a built in feature of the package manager which
> OPTIONALLY adds a significant amount of security against the attacks
> described on your website. This is not currently the default setting,
> however, it is described i
On Fri, 06 Mar 2015 10:20:27 -0500
"Rick \"Zero_Chaos\" Farina" wrote:
> On 03/06/15 08:53, Mark Kubacki wrote:
> > 2015-03-06 1:56 GMT+01:00 Rick "Zero_Chaos" Farina
> > :
> >>
> >> tl;dr webrsync-gpg is a built in feature of the package manager
> >> which OPTIONALLY adds a significant amount of
Hi,
it was naive of me to attempt to create such a comparison table. Takes
much more time than I have available for this.
It was to be expected that there are disagreements and I cannot resolve
them without checking the code myself and perhaps without coming up with
proof of concept exploitation
On 03/06/15 08:53, Mark Kubacki wrote:
> 2015-03-06 1:56 GMT+01:00 Rick "Zero_Chaos" Farina :
>>
>> tl;dr webrsync-gpg is a built in feature of the package manager which
>> OPTIONALLY adds a significant amount of security against the attacks
>> described on your website. This is not currently the
2015-03-06 1:56 GMT+01:00 Rick "Zero_Chaos" Farina :
>
> tl;dr webrsync-gpg is a built in feature of the package manager which
> OPTIONALLY adds a significant amount of security against the attacks
> described on your website. This is not currently the default setting,
> however, it is described i
On 03/05/15 14:14, Patrick Schleizer wrote:
>> I used the footnote numbers to reference the attacks.
>
> I am afraid, this might cause some confusion. The numbers you have used
> won't stay stable. Those were autogenerated numbers of footnotes. As
> footnotes change, these numbers change. To keep
> I used the footnote numbers to reference the attacks.
I am afraid, this might cause some confusion. The numbers you have used
won't stay stable. Those were autogenerated numbers of footnotes. As
footnotes change, these numbers change. To keep your post
understandable, I created a snapshot before
On 03/05/15 09:49, Patrick Schleizer wrote:
> Hi,
>
> I am currently working on a comparison of package managers in which
> Portage is part of.
>
> https://www.whonix.org/wiki/Comparison_Of_Package_Managers
>
> Would you be interested to check if the current assessments are correct
> and/or to f
Hi,
I am currently working on a comparison of package managers in which
Portage is part of.
https://www.whonix.org/wiki/Comparison_Of_Package_Managers
Would you be interested to check if the current assessments are correct
and/or to fill the remaining gaps?
Where the comparison table is hosted
17 matches
Mail list logo