1 |
On Tue, Feb 20, 2018 at 2:24 PM, Michael Weiser |
2 |
<michael@×××××××××××××××.net> wrote: |
3 |
> Hi Fabian, |
4 |
> |
5 |
> On Tue, Feb 20, 2018 at 08:41:57PM +0100, Fabian Groffen wrote: |
6 |
> |
7 |
>> Thing is I once believed Portage checked manifest and all, but it seems |
8 |
>> not to do anything any more, so my idea of things being OK may have been |
9 |
> |
10 |
> I also was a bit surprised to find that portage didn't authenticate and |
11 |
> verify the tree at all. Stumbling over webrsync more or less by |
12 |
> accident, I've been using it as the next best thing in the interim. |
13 |
> |
14 |
> From what I was able to find on the net, there's never been any |
15 |
> actual implementation before Michal Gorny started gemato (see |
16 |
> https://www.gentoo.org/glep/glep-0074.html#motivation wrt GLEP-58 from |
17 |
> 2008 never being implemented). After using gemato on Gentoo Linux as a |
18 |
> very early adopter I'm eager to get something comparable going in Prefix |
19 |
> Mac. |
20 |
> |
21 |
|
22 |
Can you not use webrsync-gpg for the time being? |
23 |
|
24 |
Incremental updates of authenticated files would be best, but until |
25 |
that can be done in a completely foolproof way I would wait so as to |
26 |
not give yourself a false sense of security. |
27 |
|
28 |
Cheers, |
29 |
R0b0t1 |