List Archive: gentoo-scm
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Fri, Feb 20, 2009 at 11:50:07AM +0100, Robert Buchholz wrote:
> On Friday 20 February 2009, Robin H. Johnson wrote:
> > Remember that Portage will only verify hashes that exist in the file.
> > If they aren't in the file, they don't get verified. The fix you
> > describe is unneeded.
> If you use FEATURES=digest, Portage ignores missing lines or errors in
> the Manifest completely. So either overlays must ship full Manifests or
> Portage would need a feature to fix slim Manifests.
[snip some paragraphs missing the point].
Portage needs minor changes for slim Manifests anyway: specifically, to
check the files against the Git index rather than the Manifest. It's NOT
that the files from the tree directly are unsigned, but rather that
their digests/signatures exist in Git instead of the Manifest.
The commits in the Git tree should be signed anyway to increase
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : firstname.lastname@example.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85