Portage security?

[reddragon]

i read about how webrsync-gpg can validate a snapshot.

how does emerge handle https and sftp sorce code links in ebuilds?

there are still alot of http and ftp links to sourecode in ebuilds,

should i be concerned?

[Apheus]

The validated snapshot contains "Manifest" text files with checksums for every associated file, including ebuilds and distfiles. These are checked on fetch and on unpack. Emerge errors out if the checksum check fails.
_________________
My phrenologist says I'm stupid.

[reddragon]

thats excellent news