-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Daniel Drake wrote: > Alec Warner wrote: >> This is to prevent people from sticking a random unchecksum'd ebuild >> in your tree and then having portage source it for depend() metadata >> and then getting bitten by some global scope nasties. > > Is this really the correct solution to this "problem"? > > I can't see the use case: do people really download (potentially > malicious) ebuilds, stick them in their overlay, and then *not* use them? > > Somehow I don't think that's true - people will generally download > ebuilds, and use them (even if they fail during compilation, they will > have been used in some form). > > If you start requiring people to create Manifests for these ebuilds, > they will do so, and this has not changed the security implications of > these "untrusted" ebuilds. > > Am I missing something? > > Daniel
The plan is to eventually include digital signature verification together with the Manifest verification. The framework isn't completely implemented yet, but we're beginning to put some of the required mechanisms into place. Considering that repoman users generally have complete trust in their cvs checkout, I suppose it would make sense to allow repoman features to be configured separately. For example, we could allow you to set REPOMAN_FEATURES="-strict" in make.conf so that you won't be bothered by broken Manifests when running repoman. Zac -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iD8DBQFFc4bT/ejvha5XGaMRAiYbAJwIWJF7lCR7ICMmJGAfDOQlZNtlHACfYqJp fUERS53nyQ2kQf1QMb3rd5k= =5cht -----END PGP SIGNATURE----- -- gentoo-dev@gentoo.org mailing list
