On Tue, 29 Jul 2008 20:51:45 +0100
Mike Auty <ikelos@g.o> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Sorry,
> I lost my notes from when I last looked these over several
> months ago, and only just found them again. I haven't copied this to
> gleps@g.o, so let me know if I should do that. I just had a quick
> couple of things I was thinking about, and one of them I figured out
> during my re-read, so it's only really the following...
>
> In this Glep (xx+1), in the section discussing the procedure for
> creating a MetaManifest file, in step 3.3, does that include
> verification of the manifest's signature if it has one? It would seem
> odd to ignore the signature if it's wrong (I'm not sure about the case
> if a signature isn't present). I also don't know how this would then
> be handled (a complete abort, or ignoring the latest changeset to that
> ebuild?).

I don't think that verification at this stage would be a good idea. The
only sane way to respond to a failed check would be to either exclude
the whole package from the sync (keeping the state from the last run),
leading to various problems (what if it's a critical bugfix/security
bump, or breaks the deptree of many packages?), or not record the
Manifest in the Metamanifest, which hasn't any benefits over relying on
the client doing the verification.

Marius