| 1 |
On Tue, Oct 05, 2010 at 05:53:50PM -0400, James Cloos wrote: |
| 2 |
> >>>>> "RHJ" == Robin H Johnson <robbat2@g.o> writes: |
| 3 |
> |
| 4 |
> RHJ> Some more issues for you: |
| 5 |
> RHJ> 1. Increases the size of the Manifest by a minimum of 710 bytes _per_ |
| 6 |
> RHJ> file. (4 bytes for 'GPG ', 700-900 for the hash, 1 for the field space, 5-12 bytes for the |
| 7 |
> RHJ> trailer). |
| 8 |
> RHJ> 1.1. 55907 Manifest2 entries need this signing, so that's a ~38MiB |
| 9 |
> RHJ> increase in the tree size. |
| 10 |
> RHJ> 2. Impossible to validate without Portage itself, or at least another |
| 11 |
> RHJ> tool to convert the signature back into a form readable by GnuPG. |
| 12 |
> |
| 13 |
> >From the standpoint of someone using Gentoo to Get Work Done: |
| 14 |
> RMD160 and SHA1 just waste space. SHA2 is sufficient non-encrypted |
| 15 |
> hashing. |
| 16 |
Please read the tree-signing GLEPs. This is already coming up, the GLEPs |
| 17 |
included the migration window for it. |
| 18 |
|
| 19 |
> Put distfile sigs in $DISTDIR or $FILESDIR. They are just too large |
| 20 |
> for a line-per-entry file. |
| 21 |
$DISTDIR is an interesting idea. $FILESDIR costs too many inodes. |
| 22 |
|
| 23 |
> Include the signing keyid in the filename to support both allowing |
| 24 |
> multiple devs to sign a file and an easy indication of who signed it. |
| 25 |
You can extract keyid from any signature trivially. |
| 26 |
|
| 27 |
> Have portage note in the ebuild log what was signed, by what key, and |
| 28 |
> whether the sigs were true. |
| 29 |
zmedico: can we include this in the repoman commit sig? |
| 30 |
|
| 31 |
> Make failing on a bad sig optional (per overlay?) and make sure that |
| 32 |
> even when portage /is/ configured to fail on a bad sig that it only |
| 33 |
> fails that one package and anything in the current set which depends |
| 34 |
> on that version of the failed package. Don't stop everything just |
| 35 |
> because /one/ package has a problem. |
| 36 |
This is already controllable. |
| 37 |
|
| 38 |
> And think about a way to sign Changelog entries. |
| 39 |
We wanted commit-signing with the git migration... |
| 40 |
|
| 41 |
-- |
| 42 |
Robin Hugh Johnson |
| 43 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 44 |
E-Mail : robbat2@g.o |
| 45 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives