| 1 |
On Tue, 29 Jul 2008 20:51:45 +0100 |
| 2 |
Mike Auty <ikelos@g.o> wrote: |
| 3 |
|
| 4 |
> -----BEGIN PGP SIGNED MESSAGE----- |
| 5 |
> Hash: SHA1 |
| 6 |
> |
| 7 |
> Sorry, |
| 8 |
> I lost my notes from when I last looked these over several |
| 9 |
> months ago, and only just found them again. I haven't copied this to |
| 10 |
> gleps@g.o, so let me know if I should do that. I just had a quick |
| 11 |
> couple of things I was thinking about, and one of them I figured out |
| 12 |
> during my re-read, so it's only really the following... |
| 13 |
> |
| 14 |
> In this Glep (xx+1), in the section discussing the procedure for |
| 15 |
> creating a MetaManifest file, in step 3.3, does that include |
| 16 |
> verification of the manifest's signature if it has one? It would seem |
| 17 |
> odd to ignore the signature if it's wrong (I'm not sure about the case |
| 18 |
> if a signature isn't present). I also don't know how this would then |
| 19 |
> be handled (a complete abort, or ignoring the latest changeset to that |
| 20 |
> ebuild?). |
| 21 |
|
| 22 |
I don't think that verification at this stage would be a good idea. The |
| 23 |
only sane way to respond to a failed check would be to either exclude |
| 24 |
the whole package from the sync (keeping the state from the last run), |
| 25 |
leading to various problems (what if it's a critical bugfix/security |
| 26 |
bump, or breaks a the deptree of many packages?), or not record the |
| 27 |
Manifest in the Metamanifest, which hasn't any benefits over reyling on |
| 28 |
the client doing the verification. |
| 29 |
|
| 30 |
Marius |
Archives