On Sun, 2012-08-12 at 15:11 -0400, Mansour Moufid wrote:
Portage offers no authentication and no confidentiality.
Each file has a SHA-256, SHA-512 and Whirlpool hash associated. This hashes are in Portage, and if you're a security-aware user (as most of Gentoo users are) you can get it in a secure way, which means PGP-signed.
Take a look at the handbook: http://www.gentoo.org/doc/en/handbook/2008.0/handbook-x86.xml?part=2&cha...
Confidentiality is not required, because currently we distribute TBB patches with portage, so you get them along with all the other Portage updates as all the Gentoo users. The rest looks like a normal Firefox installation. The Tor client is fetched through HTTPS.
Ale