>>>>> "RHJ" == Robin H Johnson <robbat2@g.o> writes:

RHJ> Some more issues for you:
RHJ> 1. Increases the size of the Manifest by a minimum of 710 bytes _per_
RHJ> file. (4 bytes for 'GPG ', 700-900 for the hash, 1 for the field space, 5-12 bytes for the
RHJ> trailer).
RHJ> 1.1. 55907 Manifest2 entries need this signing, so that's a ~38MiB
RHJ> increase in the tree size.
RHJ> 2. Impossible to validate without Portage itself, or at least another
RHJ> tool to convert the signature back into a form readable by GnuPG.

From the standpoint of someone using Gentoo to Get Work Done:

RMD160 and SHA1 just waste space. SHA2 is sufficient non-encrypted
hashing.

Put distfile sigs in $DISTDIR or $FILESDIR. They are just too large
for a line-per-entry file.

Include the signing keyid in the filename to support both allowing
multiple devs to sign a file and an easy indication of who signed it.

Have portage note in the ebuild log what was signed, by what key, and
whether the sigs were true.

Make failing on a bad sig optional (per overlay?) and make sure that
even when portage /is/ configured to fail on a bad sig that it only
fails that one package and anything in the current set which depends
on that version of the failed package. Don't stop everything just
because /one/ package has a problem.

And think about a way to sign Changelog entries.

-JimC
--
James Cloos <cloos@×××××××.com> OpenPGP: 1024D/ED7DAEA6
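The pieces JimC asks for (detached sigs beside the distfile with the key id in the name, a log line stating what was signed and by which key, and failure confined to the one package plus whatever in the current set depends on it) fit together as in the following added example. It is not code from this thread or from Portage. It assumes a filename convention of `<distfile>.sig.<KEYID>` (the mail names none), reads GnuPG's documented `--status-fd` lines (`GOODSIG`, `BADSIG`, `ERRSIG`, `EXPKEYSIG`, `REVKEYSIG`, `VALIDSIG`), and checks that the key GnuPG reports actually matches the signer the filename claims; the sample status output and dependency map are constructed.

```python
import os
import re
import subprocess
from dataclasses import dataclass
from typing import Dict, Optional, Set, Tuple

# Assumed naming convention (not from the mail): <distfile>.sig.<KEYID>,
# key id 8 to 40 hex digits. Each developer adds their own such file, so a
# distfile can carry several signatures and the name says who signed it.
SIG_NAME = re.compile(r"^(?P<distfile>.+)\.sig\.(?P<keyid>[0-9A-Fa-f]{8,40})$")

# Constructed GnuPG --status-fd output for a good and a bad signature.
SAMPLE_GOOD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] GOODSIG 89ABCDEF0123ABCD Example Dev <dev@example.org>\n"
    "[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF0123ABCD 2007-01-01 "
    "1167609600 0 4 0 17 2 00 0123456789ABCDEF0123456789ABCDEF0123ABCD\n"
)
SAMPLE_BAD_STATUS = (
    "[GNUPG:] NEWSIG\n"
    "[GNUPG:] BADSIG 89ABCDEF0123ABCD Example Dev <dev@example.org>\n"
)


@dataclass
class SigResult:
    good: bool = False
    keyid: Optional[str] = None        # long key id as reported by GnuPG
    fingerprint: Optional[str] = None  # from VALIDSIG, if present
    reason: str = "NOSIG"              # status tag explaining the verdict


def parse_sig_filename(name: str) -> Optional[Tuple[str, str]]:
    """Split 'foo-1.0.tar.bz2.sig.0123ABCD' into ('foo-1.0.tar.bz2', '0123ABCD')."""
    m = SIG_NAME.match(name)
    if not m:
        return None
    return m.group("distfile"), m.group("keyid").upper()


def parse_gpg_status(status_text: str) -> SigResult:
    """Reduce GnuPG status lines ('[GNUPG:] TAG args...') to one verdict."""
    res = SigResult()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "[GNUPG:]":
            continue
        tag = parts[1]
        if tag == "GOODSIG":
            res.good, res.keyid, res.reason = True, parts[2], tag
        elif tag in ("BADSIG", "ERRSIG", "EXPKEYSIG", "REVKEYSIG"):
            res.good, res.keyid, res.reason = False, parts[2], tag
        elif tag == "VALIDSIG":
            res.fingerprint = parts[2]
    return res


def check_signature(sig_name: str, status_text: str) -> Tuple[bool, str]:
    """Combine the filename's claimed signer with GnuPG's verdict.

    The key id in the name is only a claim; it is accepted only when GnuPG
    reports a good signature from a key whose long id ends with it (the
    filename may carry the 8-digit short id). Returns (ok, log line).
    """
    parsed = parse_sig_filename(sig_name)
    if parsed is None:
        return False, f"{sig_name}: unrecognised signature filename"
    distfile, claimed = parsed
    res = parse_gpg_status(status_text)
    reported = (res.keyid or "").upper()
    if res.good and reported.endswith(claimed):
        return True, f"{distfile}: GOOD signature by key {reported} (claimed {claimed})"
    if res.good:
        return False, f"{distfile}: signed by {reported}, not by claimed signer {claimed}"
    return False, f"{distfile}: BAD signature ({res.reason}), claimed signer {claimed}"


def verify_distfile(distfile_path: str, sig_path: str) -> Tuple[bool, str]:
    """Run GnuPG on a real pair of files (needs gpg and the signer's public key)."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, distfile_path],
        capture_output=True, text=True, check=False)
    return check_signature(os.path.basename(sig_path), proc.stdout)


def packages_to_skip(failed: Set[str], depends_on: Dict[str, Set[str]]) -> Set[str]:
    """Failed packages plus everything in the set that transitively depends on
    them; only these are dropped, the rest of the merge proceeds."""
    skip = set(failed)
    changed = True
    while changed:
        changed = False
        for pkg, needs in depends_on.items():
            if pkg not in skip and needs & skip:
                skip.add(pkg)
                changed = True
    return skip


if __name__ == "__main__":
    for name, status in (("foo-1.0.tar.bz2.sig.0123ABCD", SAMPLE_GOOD_STATUS),
                         ("bar-2.1.tar.gz.sig.0123ABCD", SAMPLE_BAD_STATUS)):
        ok, line = check_signature(name, status)
        print(("OK  " if ok else "FAIL"), line)
    # Constructed dependency map: package -> packages it depends on.
    deps = {"app/bar-tool": {"app/bar"}, "app/bar-gui": {"app/bar-tool"},
            "app/baz": {"sys/libc"}}
    print("skipping:", sorted(packages_to_skip({"app/bar"}, deps)))
```

`verify_distfile` is the only part that needs GnuPG installed; everything else runs on the constructed status text, which is the same format a real `gpg --status-fd 1 --verify` call would produce.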