Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: Manifest signing
Date: Thu, 29 Sep 2011 19:37:09
Message-Id: robbat2-20110929T192830-577785968Z@orbis-terrarum.net
In Reply to: [gentoo-dev] Re: Manifest signing by Duncan <1i5t5.duncan@cox.net>
On Thu, Sep 29, 2011 at 07:08:29PM +0000, Duncan wrote:
> Beyond that, IMO it's now at the "needs a proposal champion to clean it > up and present it to the council" stage, at least at the "council > declared priority" level for getting the requirements into repoman, the > CVS server, and perhaps the PMs (I don't know what stage they're at, > possibly all they need is a switch flipped?).
It doesn't need cleaning up. I wrote the tree-signing GLEPs a few years ago, and those were approved by the council, really they just need updating to a recent Portage and usage. They provide better support than just getting every developer to sign the Manifests, because to do so while eclasses are unsigned is a giant security hole. MetaManifest in the proposal covers that by getting the entire tree to a state of being signed.
> Talking about which, at the PM user level, is there a per-repo/overlay > switch? If not, it should strongly be considered.
Yes. See layout.conf/repo.conf. Also controls usage of thin Manifests. -- Robin Hugh Johnson Gentoo Linux: Developer, Trustee & Infrastructure Lead E-Mail : robbat2@g.o GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85