371161 – PMS: profiles/ directory should have Manifests in some form

Bug 371161 - PMS: profiles/ directory should have Manifests in some form

Summary: PMS: profiles/ directory should have Manifests in some form

Status:	RESOLVED DUPLICATE of bug 64258

Alias:	None

Product:	Portage Development
Classification:	Unclassified
Component:	Core (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Portage team

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2011-06-11 14:48 UTC by Sergei Trofimovich (RETIRED)
Modified:	2011-06-11 23:16 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sergei Trofimovich (RETIRED) gentoo-dev

2011-06-11 14:48:51 UTC

We approach to the state when the whole gentoo-x86 will have signed manifests,
so user will be able to validate it's copy of the tree.

But there is one major piece of unsigned code: eclass/, so an attacker
can put fun code on the mirror affecting a lot of packages this way.

PMS says nothing about it.

Comment 1 SpanKY gentoo-dev

2011-06-11 22:48:13 UTC

Bug 64258 already exists for eclass signing

Comment 2 Zac Medico gentoo-dev

2011-06-11 23:16:55 UTC


*** This bug has been marked as a duplicate of bug 64258 ***