1 |
W dniu nie, 08.07.2018 o godzinie 14∶11 -0700, użytkownik Zac Medico |
2 |
napisał: |
3 |
> On 07/08/2018 01:18 PM, Zac Medico wrote: |
4 |
> > On 07/08/2018 01:08 PM, Michał Górny wrote: |
5 |
> > > W dniu nie, 08.07.2018 o godzinie 11∶57 -0700, użytkownik Zac Medico |
6 |
> > > napisał: |
7 |
> > > > On 07/08/2018 11:42 AM, Michał Górny wrote: |
8 |
> > > > > W dniu nie, 08.07.2018 o godzinie 11∶04 -0700, użytkownik Zac Medico |
9 |
> > > > > napisał: |
10 |
> > > > > > On 07/08/2018 06:56 AM, Michał Górny wrote: |
11 |
> > > > > > > W dniu nie, 08.07.2018 o godzinie 15∶02 +0200, użytkownik Kristian |
12 |
> > > > > > > Fiskerstrand napisał: |
13 |
> > > > > > > > On 07/08/2018 08:53 AM, Michał Górny wrote: |
14 |
> > > > > > > > > Is safe git syncing implemented already? If not, maybe finish it first and cover both with a single news item. Git is going to be more efficient here, so people may want to learn they have an alternative. |
15 |
> > > > > > > > |
16 |
> > > > > > > > Why complicate things, and increase wait for something that benefits |
17 |
> > > > > > > > most users, just to give alternatives to a few using non-default sync |
18 |
> > > > > > > > mechanism. Securing git distribution is a whole different ballpark. |
19 |
> > > > > > > > |
20 |
> > > > > > > |
21 |
> > > > > > > Let me rephrase. Let's say I'm using rsync. This new feature is |
22 |
> > > > > > > something positive but it breaks my use case (for one of the listed |
23 |
> > > > > > > reasons -- overlayfs, inode use, small fs cache). After reading this |
24 |
> > > > > > > news item, I learn that my only option is to disable the new feature. |
25 |
> > > > > > > |
26 |
> > > > > > > Now, I would appreciate being told that there's an alternate sync method |
27 |
> > > > > > > that handles secure updates without having all those drawbacks. |
28 |
> > > > > > |
29 |
> > > > > > The thing is, the normal git tree doesn't even provide pre-generated |
30 |
> > > > > > metadata, and I see then gentoo-mirror repo that provides metadata does |
31 |
> > > > > > not have commits signed with an release key: |
32 |
> > > > > > |
33 |
> > > > > > https://github.com/gentoo-mirror/gentoo/commits/stable |
34 |
> > > > > > |
35 |
> > > > > > So I'm really not comfortable recommending git to anyone at this point. |
36 |
> > > > > |
37 |
> > > > > Wrong twice. |
38 |
> > > > > |
39 |
> > > > > Firstly, the canonical URL is: |
40 |
> > > > > |
41 |
> > > > > https://anongit.gentoo.org/git/repo/sync/gentoo.git |
42 |
> > > > > (https://gitweb.gentoo.org/repo/sync/gentoo.git) |
43 |
> > > > > |
44 |
> > > > > Secondly, the merge commits (i.e. top commits that are verified |
45 |
> > > > > by Portage) are signed by dedicated key that is part of the infra key |
46 |
> > > > > set. In other words, it works out of the box. |
47 |
> > > > |
48 |
> > > > Is there any documentation that shows users how to migrate to git, and |
49 |
> > > > what the pros and cons might be? Maybe its worthy of its own news item. |
50 |
> > > |
51 |
> > > Maybe. I don't really know, and don't think it's a good idea to show 30 |
52 |
> > > news item of things users might like on every new Gentoo install. |
53 |
> > |
54 |
> > Well if instructions for setting up git sync and associated pros/cons |
55 |
> > are not documented anywhere then I won't advise anyone to use it. |
56 |
> |
57 |
> I've attempted to configure it for myself, and this is what it does: |
58 |
> |
59 |
> * Using keys from /usr/share/openpgp-keys/gentoo-release.asc |
60 |
> * Refreshing keys from keyserver ... |
61 |
> [ ok ] |
62 |
> * No valid signature found: unable to verify signature (missing key?) |
63 |
> |
64 |
|
65 |
Please report a bug and attach your configuration along with keyring |
66 |
version. |
67 |
|
68 |
-- |
69 |
Best regards, |
70 |
Michał Górny |