1 |
>>>>> On Tue, 06 Oct 2020, Frédéric Pierret wrote: |
2 |
|
3 |
>> We've already discussed it in #-qa, and I still think that this is |
4 |
>> over-engineered. Users can validate the distfile by the Manifest and |
5 |
>> its signature, so exposing the feature to users is redundant. |
6 |
|
7 |
> IMHO, manifest verification and distfile verification are two separate |
8 |
> things. Before you validate and sign the Manifest, you need to fetch |
9 |
> (new) source and to verify it. This is not redundant at all. |
10 |
|
11 |
The eclass adds a second method of distfile verification on the user's |
12 |
side. So unless the feature is intended to replace digest verification |
13 |
on the long term (which I hope it isn't), it is redundant for users. |
14 |
|
15 |
It may be fine as an opt-in feature for developers, but I believe that |
16 |
enabling it by default for all users is wrong. |
17 |
|
18 |
Ulrich |