1 |
On Sun, Apr 12, 2009 at 02:37:42AM -0400, Caleb Cushing wrote: |
2 |
> I'm aware of the point of thin-Manifests (It's a long time running |
3 |
> conversation), however it seems to be something more to the order of |
4 |
> usage for distribution, in other words, overlays and tree's like |
5 |
> regen2's and funtoo's. if you aren't distributing the tree for user |
6 |
> consumption... then you'll still have to generate full manifests for |
7 |
> rsync, it would seem easy and more space, processor effective to make |
8 |
> it like metadata and cron generation, dev's don't really need them |
9 |
> when hacking ebuilds do they? they're just a security/integrity |
10 |
> measure for end users. I suppose the reason for devs to use them is |
11 |
> they would be using the git tree to update their own systems. |
12 |
Not having any Manifests in Git would mean that the DIST entry needs to |
13 |
be generated at the point that the rest of the Manifest is built. |
14 |
That requires IO time, as well as having all distfiles on that machine. |
15 |
Some distfiles are restricted in various ways, so that they may NOT be |
16 |
present on our mirrors, and so we don't want to force developers to have |
17 |
to upload them just for generating the DIST entry. |
18 |
|
19 |
Known security of the DIST entries is important as well. If the |
20 |
developer commits the DIST entry, and signs it, we know that barring |
21 |
hash attacks, it has not been modified. |
22 |
|
23 |
Generating the Manifest entries for non-DIST bits is trivial, and with |
24 |
Git, requires zero actual hashing, just extract the data from the Git |
25 |
index as I say. It's the DIST ones that this is not possible for. |
26 |
|
27 |
-- |
28 |
Robin Hugh Johnson |
29 |
Gentoo Linux Developer & Infra Guy |
30 |
E-Mail : robbat2@g.o |
31 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |