
Bug 371161

Summary: PMS: profiles/ directory should have Manifests in some form
Product: Portage Development
Reporter: Sergei Trofimovich (RETIRED) <slyfox>
Component: Core
Assignee: Portage team <dev-portage>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Sergei Trofimovich (RETIRED) gentoo-dev 2011-06-11 14:48:51 UTC
We are approaching the state when the whole gentoo-x86 will have signed manifests,
so the user will be able to validate their copy of the tree.

But there is one major piece of unsigned code: eclass/, so an attacker
can put fun code on the mirror affecting a lot of packages this way.

PMS says nothing about it.
Comment 1 SpanKY gentoo-dev 2011-06-11 22:48:13 UTC
Bug 64258 already exists for eclass signing
Comment 2 Zac Medico gentoo-dev 2011-06-11 23:16:55 UTC

*** This bug has been marked as a duplicate of bug 64258 ***