Anyone with access to the portage dir can change eclasses without any acknowledgement to the user who runs emerge. Emerge won't inform the user of these changes, in contrast to changes in ebuilds, because eclasses have no fingerprints. Only on resync are the eclasses silently overwritten, but not even an automatic rebuild is done after these changes. So infiltration of a Gentoo system can be done more easily via eclasses than via ebuilds.

Reproducible: Always

Steps to Reproduce:
1. Take your favorite editor and change an eclass in your portage directory.
2. Run emerge.

Actual Results:
No security hint is produced.

Expected Results:
At least a security hint should be shown, or emerge should skip the packages which use this eclass.
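The report's point is that eclasses carry no fingerprint, so a local edit to the eclass tree goes unnoticed by emerge. The script below is an added example (editor's code, not from the reporter or from Portage) of the check a defender can bolt on in the meantime: record sha256 sums of every eclass in a baseline kept outside the portage tree, and compare against it before running emerge. The paths in `ECLASS_DIR` and `BASELINE` are assumptions and can be overridden through the environment; the sample eclass files used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not part of the bug report: give eclasses the fingerprint
# they lack by recording sha256 sums of $ECLASS_DIR/*.eclass in a baseline
# file kept outside the portage tree, then checking against it before emerge.
# ECLASS_DIR and BASELINE are assumed paths; override them via the environment.

ECLASS_DIR="${ECLASS_DIR:-/usr/portage/eclass}"
BASELINE="${BASELINE:-/var/lib/eclass-fingerprints/sha256.txt}"

# Print "sha256  ./name.eclass" for every eclass under $1, sorted by name so
# two runs over the same tree produce byte-identical output.
eclass_sums() {
    ( cd "$1" && find . -name '*.eclass' -type f -exec sha256sum {} + ) | sort -k 2
}

# Record the current sums of tree $1 as the trusted baseline file $2.
# Run this only right after a sync you trust, since a sync legitimately
# overwrites eclasses.
eclass_baseline() {
    mkdir -p "$(dirname "$2")"
    eclass_sums "$1" > "$2"
}

# Compare tree $1 with baseline $2. Returns 0 when every eclass matches,
# 1 when any eclass was changed, added or removed (listing them on stderr),
# 2 when the check itself could not run.
eclass_verify() {
    current=$(mktemp) || return 2
    eclass_sums "$1" > "$current"
    if diff "$2" "$current" > /dev/null; then
        rm -f "$current"
        return 0
    fi
    echo "WARNING: eclasses under $1 differ from baseline $2:" >&2
    # '<' lines exist only in the baseline (removed or modified eclass),
    # '>' lines exist only in the current tree (added or modified eclass).
    diff "$2" "$current" | grep '^[<>]' >&2
    rm -f "$current"
    return 1
}

# Wrapper that refuses to build anything while the eclass tree is untrusted.
safe_emerge() {
    if ! eclass_verify "$ECLASS_DIR" "$BASELINE"; then
        echo "refusing to run emerge: eclass tree does not match baseline" >&2
        return 1
    fi
    emerge "$@"
}
```

Take the baseline with `eclass_baseline "$ECLASS_DIR" "$BASELINE"` after each trusted `emerge --sync`, keep the baseline file writable by root only (a baseline inside a directory the "portage" group can write is worthless), and call `safe_emerge` in place of `emerge`. As comment #2 notes, the same gap exists for ebuilds once someone regenerates the Manifest, so the same sum-and-compare approach can be pointed at the whole tree; only signed Manifests close it properly.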
(In reply to Nicolas Pöhlmann from comment #0)
> Anyone with access to the portage dir can change eclasses

By default, only if you add those users to the "portage" group.

*** This bug has been marked as a duplicate of bug 64258 ***
(In reply to Nicolas Pöhlmann from comment #0)
> Anyone with access to the portage dir can change eclasses without any
> acknowledgement to the user which runs emerge. Emerge won't inform the user
> of these changes in opposition to changes in ebuilds

That is similarly untrue: if you change $EBUILD and then run `ebuild $EBUILD manifest`, you're in the same boat. Manifest signing would help there, but we still cannot rely on that now.