| 1 |
>>>>> "RHJ" == Robin H Johnson <robbat2@g.o> writes: |
| 2 |
|
| 3 |
RHJ> Some more issues for you: |
| 4 |
RHJ> 1. Increases the size of the Manifest by a minimum of 710 bytes _per_ |
| 5 |
RHJ> file. (4 bytes for 'GPG ', 700-900 for the hash, 1 for the field space, 5-12 bytes for the |
| 6 |
RHJ> trailer). |
| 7 |
RHJ> 1.1. 55907 Manifest2 entries need this signing, so that's a ~38MiB |
| 8 |
RHJ> increase in the tree size. |
| 9 |
RHJ> 2. Impossible to validate without Portage itself, or at least another |
| 10 |
RHJ> tool to convert the signature back into a form readable by GnuPG. |
| 11 |
|
| 12 |
From the standpoint of someone using Gentoo to Get Work Done: |
| 13 |
|
| 14 |
RMD160 and SHA1 just waste space. SHA2 is sufficient non-encrypted |
| 15 |
hashing. |
| 16 |
|
| 17 |
Put distfile sigs in $DISTDIR or $FILESDIR. They are just too large |
| 18 |
for a line-per-entry file. |
| 19 |
|
| 20 |
Include the signing keyid in the filename to support both allowing |
| 21 |
multiple devs to sign a file and an easy indication of who signed it. |
| 22 |
|
| 23 |
Have portage note in the ebuild log what was signed, by what key, and |
| 24 |
whether the sigs were true. |
| 25 |
|
| 26 |
Make failing on a bad sig optional (per overlay?) and make sure that |
| 27 |
even when portage /is/ configured to fail on a bad sig that it only |
| 28 |
fails that one package and anything in the current set which depends |
| 29 |
on that version of the failed package. Don't stop everything just |
| 30 |
because /one/ package has a problem. |
| 31 |
|
| 32 |
And think about a way to sign Changelog entries. |
| 33 |
|
| 34 |
-JimC |
| 35 |
-- |
| 36 |
James Cloos <cloos@×××××××.com> OpenPGP: 1024D/ED7DAEA6 |
Archives