twitch (n00b)
Joined: 10 Aug 2005 Posts: 10
Posted: Thu Sep 15, 2005 5:17 pm Post subject: Security concerns installing hardened gentoo
I have always heard that the most secure way to install a system is to do a networkless install, harden the system, then get the patches/updates.
I am attempting to do that with hardened gentoo, but it isn't going too well for me. I have downloaded the following:
/experimental/x86/hardened/livecd/hardened-x86-2005.1.iso
/experimental/x86/hardened/stages/stage3-x86-selinux-piessp-20050726.tar.bz2
I am attempting to emerge the hardened-sources kernel, but without the network it can't find all of the needed files/packages. I have to go to another machine get the first file it's looking for off the net, copy it over, and then try to emerge again, and the process repeats itself...
So #1, is there an easier way to do this hardened networkless install?
And #2, how large of a security risk is there in doing the network based install?
Thanks,
Steve
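The fetch-one-file, copy, retry loop in the question can be collapsed into a single round trip by letting Portage print the whole download list up front and fetching it on the networked machine in one go. The script below is an added example written for this thread, not something posted by the author or shipped by Gentoo. It assumes that `emerge --pretend --fetchonly <pkg>` prints one line per distfile with the mirror alternatives for that file separated by spaces (the first URL on each line is used), and that the staged files are dropped into `/usr/portage/distfiles` on the offline box, which is where Portage looks before attempting any network fetch. The sample fetch list embedded in the script is constructed for illustration and does not correspond to any real package version.

```shell
#!/bin/sh
# Offline distfile staging for a networkless Gentoo install (added example).
#
# Workflow this script supports:
#   1. On the offline box:   emerge --pretend --fetchonly hardened-sources > fetchlist.txt
#   2. On a networked box:   fetch_distfiles fetchlist.txt ./staged
#   3. Copy ./staged/* into /usr/portage/distfiles on the offline box and run
#      emerge hardened-sources; Portage checks every distfile against the digests
#      recorded in the portage tree before it unpacks anything, so a corrupted or
#      tampered download is rejected rather than built.
#
# Assumption: emerge -pf output has one distfile per line, mirrors space separated.

# Constructed sample of what emerge -pf prints (not real URLs for a real version).
SAMPLE_FETCHLIST='http://distfiles.gentoo.org/distfiles/example-1.0.tar.bz2 http://mirror.example.org/gentoo/distfiles/example-1.0.tar.bz2
http://distfiles.gentoo.org/distfiles/example-patches-1.tar.bz2'

# Read emerge -pf output on stdin; print "filename primary_url" per distfile.
# Lines that do not start with a URL (emerge chatter, blank lines) are skipped.
parse_fetchlist() {
    while read -r first rest; do
        case "$first" in
            http://*|https://*|ftp://*) printf '%s %s\n' "${first##*/}" "$first" ;;
            *) ;;
        esac
    done
}

# Count the distinct distfiles in a fetch list; handy for checking that the
# number of files staged matches what emerge asked for.
count_distfiles() {
    parse_fetchlist | awk '{print $1}' | sort -u | wc -l | tr -d ' '
}

# Download every distfile named in $1 into directory $2 (networked machine).
# Files already present with nonzero size are skipped so reruns are cheap;
# a failed download is removed so a truncated file is never staged.
fetch_distfiles() {
    list=$1
    dest=$2
    mkdir -p "$dest"
    parse_fetchlist < "$list" | while read -r name url; do
        if [ -s "$dest/$name" ]; then
            echo "skip $name (already staged)"
        else
            wget -O "$dest/$name" "$url" || {
                rm -f "$dest/$name"
                echo "FAILED $name" >&2
            }
        fi
    done
}

# Stand-alone demonstration on the constructed sample: list what would be fetched.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_FETCHLIST" | parse_fetchlist
    printf 'distfiles: %s\n' "$(printf '%s\n' "$SAMPLE_FETCHLIST" | count_distfiles)"
fi
```

Only the first mirror on each line is used; if one fails, the offending filename is reported and can be retried from another mirror by hand. The integrity check still happens where it matters: when the offline `emerge` runs, Portage compares each staged file against the digests in the tree, so the files themselves carry no more trust than the portage snapshot they are checked against.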
nixnut (Bodhisattva)
Joined: 09 Apr 2004 Posts: 10974 Location: the dutch mountains
Posted: Thu Sep 15, 2005 6:04 pm
Could well be that the hardened-sources are not on the hardened livecd. You can build a hardened system, missing only a hardened kernel. You can build a kernel with the pax/grsecurity features later after emerging hardened-sources from the installed system. Since the rest of the system is already hardened and if you're not running all sorts of services (possible points of entry for attackers) the risk of compromise is pretty low.
Taladar (Guru)
Joined: 09 Oct 2004 Posts: 458 Location: Bielefeld, Germany
Posted: Thu Sep 15, 2005 7:29 pm
If you use a router with NAT (and don't forward any ports) the risk is pretty low compared to downloading on another PC (of course should both the Gentoo download mirror and the rsync host with the portage tree be compromised you are screwed anyway).
P.S.: If you worry about the possibility in parentheses you should probably do a full code review of all open source software you use, but that is a bit more paranoid than the usual Gentoo Hardened user.