Gentoo Archives: gentoo-scm

From: "Piotr Jaroszyński" <peper@g.o>
To: gentoo-scm@l.g.o
Subject: Re: [gentoo-scm] Re: [gentoo-dev] Progress on cvs->git migration
Date: Tue, 23 Aug 2011 17:07:55
Message-Id: CAAefdZ+4Lra+THv7PLczj_MDexeyQqU4GNVATSvyt4+vEN=n=g@mail.gmail.com
In Reply to: Re: [gentoo-scm] Re: [gentoo-dev] Progress on cvs->git migration by Alexey Shvetsov
1 On 23 August 2011 17:22, Alexey Shvetsov <alexxy@g.o> wrote:
2 > On Tue, 23 Aug 2011 07:57:24 -0700, Zac Medico wrote:
3 >>
4 >> On 08/23/2011 07:02 AM, Alexey Shvetsov wrote:
5 >>>
6 >>> Ok. What is problems with thin Manifests (some kind of this already
7 >>> implented in funtoo)
8 >>
9 >> This is really easy to do. Like the manifest1 -> manifest2 migration,
10 >> we'll need some kind of repository marker which indicates the manifest
11 >> format. For example, we could use an entry in metadata/layout.conf for
12 >> this purpose (as I've already suggested in bug #333691).
13 >>
14 >>> and commit signing (this means gpg signing or something else?).
15 >>
16 >> I guess the existing manifest signing technique is likely to trigger
17 >> merge conflicts in the manifests. I suppose we could use another marker,
18 >> similar to the thin manifest marker, to indicate that the existing
19 >> manifest signing technique should not be used in the git tree.
20 >
21 > Yep signing git commits with gpg should avoid conflicts. May we can use
22 > something like this [1]
23 > [1]
24 > http://weierophinney.net/matthew/archives/236-GPG-signing-Git-Commits.html
25
26 After a quick look, it doesn't seem to add any security whatsoever -
27 it signs only the commit message.
28
29 --
30 Pozdrowienia
31 Piotr Jaroszyński