Gentoo Archives: gentoo-scm

From: Nirbheek Chauhan <nirbheek.chauhan@×××××.com>
To: Caleb Cushing <xenoterracide@×××××.com>
Cc: "Robin H. Johnson" <robbat2@g.o>, gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] Splitting gentoo-x86 repository for easier consumption
Date: Sun, 12 Apr 2009 07:03:43
Message-Id: 8b4c83ad0904120003g397e5d22ib432c86d326a6509@mail.gmail.com
In Reply to: Re: [gentoo-scm] Splitting gentoo-x86 repository for easier consumption by Caleb Cushing
1 On Sun, Apr 12, 2009 at 12:07 PM, Caleb Cushing <xenoterracide@×××××.com> wrote:
2 > I'm aware of the point of thin-Manifests (It's a long time running
3 > conversation), however it seems to be something more to the order of
4 > usage for distribution, in other words, overlays and tree's like
5 > regen2's and funtoo's. if you aren't distributing the tree for user
6 > consumption... then you'll still have to generate full manifests for
7 > rsync, it would seem easy and more space, processor effective to make
8 > it like metadata and cron generation, dev's don't really need them
9 > when hacking ebuilds do they? they're just a security/integrity
10 > measure for end users. I suppose the reason for devs to use them is
11 > they would be using the git tree to update their own systems.
12 >
13
14 Signed DIST manifests mean the developer has committed the ebuild for
15 a specific distfile, and if the distfile is then tampered with (on
16 gentoo mirrors/upstream mirrors), it'll be noticed immediately.
17 However, if the DIST manifests are generated like metadata, it gives a
18 window for mischief, and no one would notice that the distfile used
19 for making the ebuild and the one being distributed to users is
20 different
21
22
23 --
24 ~Nirbheek Chauhan