| 1 |
On Tue, Feb 20, 2018 at 2:24 PM, Michael Weiser |
| 2 |
<michael@×××××××××××××××.net> wrote: |
| 3 |
> Hi Fabian, |
| 4 |
> |
| 5 |
> On Tue, Feb 20, 2018 at 08:41:57PM +0100, Fabian Groffen wrote: |
| 6 |
> |
| 7 |
>> Thing is I once believed Portage checked manifest and all, but it seems |
| 8 |
>> not to do anything any more, so my idea of things being OK may have been |
| 9 |
> |
| 10 |
> I also was a bit surprised to find that portage didn't authenticate and |
| 11 |
> verify the tree at all. Stumbling over webrsync more or less by |
| 12 |
> accident, I've been using it as the next best thing in the interim. |
| 13 |
> |
| 14 |
> From what I was able to find on the net, there's never been any |
| 15 |
> actual implementation before Michal Gorny started gemato (see |
| 16 |
> https://www.gentoo.org/glep/glep-0074.html#motivation wrt GLEP-58 from |
| 17 |
> 2008 never being implemented). After using gemato on Gentoo Linux as a |
| 18 |
> very early adopter I'm eager to get something comparable going in Prefix |
| 19 |
> Mac. |
| 20 |
> |
| 21 |
|
| 22 |
Can you not use webrsync-gpg for the time being? |
| 23 |
|
| 24 |
Incremental updates of authenticated files would be best, but until |
| 25 |
that can be done in a completely foolproof way I would wait so as to |
| 26 |
not give yourself a false sense of security. |
| 27 |
|
| 28 |
Cheers, |
| 29 |
R0b0t1 |
Archives