List Archive: gentoo-scm
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Wednesday 18 February 2009, Robin H. Johnson wrote:
> Using the converse, all files covered by AUX, DIST, MISC have GIT
> SHA1 commit ids. Explicitly performing a checksum on them is not
> needed, just extract it from Git.
These hashes would need to be regenerated for the rsync though, because
otherwise it does not provide integrity and this would make tree
signing impossible. Overlays would have to abandon the hashes though,
otherwise you'll get the same merge trouble again.
> When it comes to generating the outgoing Manifests for users on the
> central server, it's pretty simple.
> The only downside I see is the potential for a degree of lesser
> security for anybody using the Git repo directly instead of rsync.
It'll also ease attacks on distfiles when first mirroring them.
Currently, developers download the code (verify checksums, gpg, or
review the code, ... at least sometimes) and then commit the hash of
what they have seen. The distfiles master box then verifies that hash
and users only ever can install it if it's the same the dev had seen.
If the distfiles master is the one generating that hash, there is (1) a
time gap between the dev reviewing the file and the box getting the
hash and (2) only one box would need to be attacked via
man-in-the-middle, whereas it is currently two.
signature.asc (This is a digitally signed message part.)