Gentoo Archives: gentoo-scm

From: Nirbheek Chauhan <nirbheek.chauhan@×××××.com>
To: Caleb Cushing <xenoterracide@×××××.com>
Cc: "Robin H. Johnson" <robbat2@g.o>, gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] Splitting gentoo-x86 repository for easier consumption
Date: Sun, 12 Apr 2009 07:03:43
Message-Id: 8b4c83ad0904120003g397e5d22ib432c86d326a6509@mail.gmail.com
In Reply to: Re: [gentoo-scm] Splitting gentoo-x86 repository for easier consumption by Caleb Cushing
On Sun, Apr 12, 2009 at 12:07 PM, Caleb Cushing <xenoterracide@×××××.com> wrote:
> I'm aware of the point of thin-Manifests (It's a long time running > conversation), however it seems to be something more to the order of > usage for distribution, in other words, overlays and tree's like > regen2's and funtoo's. if you aren't distributing the tree for user > consumption... then you'll still have to generate full manifests for > rsync, it would seem easy and more space, processor effective to make > it like metadata and cron generation, dev's don't really need them > when hacking ebuilds do they? they're just a security/integrity > measure for end users. I suppose the reason for devs to use them is > they would be using the git tree to update their own systems. >
Signed DIST manifests mean the developer has committed the ebuild for a specific distfile, and if the distfile is then tampered with (on gentoo mirrors/upstream mirrors), it'll be noticed immediately. However, if the DIST manifests are generated like metadata, it gives a window for mischief, and no one would notice that the distfile used for making the ebuild and the one being distributed to users is different -- ~Nirbheek Chauhan