Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Secure Portage System [SOLVED]
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Portage & Programming
View previous topic :: View next topic  
Author Message
HeXiLeD
Veteran
Veteran


Joined: 20 Aug 2005
Posts: 1159
Location: Online

PostPosted: Mon Feb 05, 2007 1:58 pm    Post subject: Secure Portage System [SOLVED] Reply with quote

This has been on my mind for a long long time now, and i think it should implemented without losing more time.
The portage system should have a strong crypto to validate downloaded packages.

Today i was reading about Debian and i decided to talk about it here.
see secure-apt here

Why would we want this ?
well... lets see... to start because of arp poisoning and a few other things that can trick a user to get 'malicious packages' to the system.
From there i belive i dont need to draw the full potential implications of such possibility.(in fact i dont even to give extra ideas about it)
These days OS's are depending more and more of the web. We are almost becoming webOS's (in fact there are projects for that too)
_________________
Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...

CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244


Last edited by HeXiLeD on Thu Feb 27, 2020 11:09 am; edited 3 times in total
Back to top
View user's profile Send private message
didl
Retired Dev
Retired Dev


Joined: 09 Sep 2003
Posts: 1106
Location: Pittsburgh, PA

PostPosted: Mon Feb 05, 2007 2:05 pm    Post subject: Reply with quote

If you search through the gentoo-dev list you should find several
(long) threads about this and related issues.
Back to top
View user's profile Send private message
HeXiLeD
Veteran
Veteran


Joined: 20 Aug 2005
Posts: 1159
Location: Online

PostPosted: Mon Jan 26, 2009 1:18 am    Post subject: Reply with quote

I have been a bit away and lost track of this topic. What is the current status of portage regarding this topic ?
_________________
Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...

CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244
Back to top
View user's profile Send private message
HeXiLeD
Veteran
Veteran


Joined: 20 Aug 2005
Posts: 1159
Location: Online

PostPosted: Wed Jul 23, 2014 8:11 pm    Post subject: Reply with quote

Almost 10 years later... (time flies...)

http://wiki.gentoo.org/wiki/GLEP:57 still no full fix ... :cry:
_________________
Do you hear the sound of inevitability?
With age, comes great grumpiness and that, was 20 years ago...

CertFP: becbbd161d5a5c31de3c45171b77bf710911db29 / d985d21f89fe2977b593c4d381a1a86802e62990d9328d893db76d59f9935244
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Wed Jul 23, 2014 9:11 pm    Post subject: Reply with quote

HeXiLeD ...

there is some movement in that direction with gentoo-keys and pyGPG. Not sure what the intention is but if commits are signed, and the keys available, then it should be possible to verify when reaching the end user.

best ... khay
Back to top
View user's profile Send private message
dol-sen
Retired Dev
Retired Dev


Joined: 30 Jun 2002
Posts: 2805
Location: Richmond, BC, Canada

PostPosted: Thu Jul 24, 2014 3:31 pm    Post subject: Reply with quote

Yes, the gentoo-keys project is underway and will hopefully have a preliminary release by the end of summer. Once it is sufficiently complete it will be used for commit verification, layman's repositories.xml list verification and all release media. To what extent portage will be modified to use it is still not known, but it will be incorporated.
_________________
Brian
Porthole, the Portage GUI frontend irc@freenode: #gentoo-guis, #porthole, Blog
layman, gentoolkit, CoreBuilder, esearch...
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Portage & Programming All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum