On 07/08/2018 02:59 PM, Zac Medico wrote:
> On 07/08/2018 02:50 PM, Aaron W. Swenson wrote:
>> On July 8, 2018 5:38:48 PM EDT, Zac Medico <zmedico@g.o> wrote:
>>
>> On 07/08/2018 02:18 PM, Michał Górny wrote:
>>
>> On Sun, 08.07.2018 at 14:11 -0700, Zac Medico wrote:
>>
>> On 07/08/2018 01:18 PM, Zac Medico wrote:
>>
>> On 07/08/2018 01:08 PM, Michał Górny wrote:
>>
>> On Sun, 08.07.2018 at 11:57 -0700, Zac Medico wrote:
>>
>> On 07/08/2018 11:42 AM, Michał Górny wrote:
>>
>> On Sun, 08.07.2018 at 11:04 -0700, Zac Medico wrote:
>>
>> On 07/08/2018 06:56 AM, Michał Górny wrote:
>>
>> On Sun, 08.07.2018 at 15:02 +0200, Kristian Fiskerstrand wrote:
>>
>> On 07/08/2018 08:53 AM, Michał Górny wrote:
>>
>> Is safe git syncing implemented already? If not, maybe finish it first
>> and cover both with a single news item. Git is going to be more
>> efficient here, so people may want to learn they have an alternative.
>>
>> Why complicate things, and increase wait for something that benefits
>> most users, just to give alternatives to a few using non-default sync
>> mechanism. Securing git distribution is a whole different ballpark.
>>
>> Let me rephrase. Let's say I'm using rsync. This new feature is
>> something positive but it breaks my use case (for one of the listed
>> reasons -- overlayfs, inode use, small fs cache). After reading this
>> news item, I learn that my only option is to disable the new feature.
>>
>> Now, I would appreciate being told that there's an alternate sync
>> method that handles secure updates without having all those drawbacks.
>>
>> The thing is, the normal git tree doesn't even provide pre-generated
>> metadata, and I see the gentoo-mirror repo that provides metadata does
>> not have commits signed with a release key:
>>
>> https://github.com/gentoo-mirror/gentoo/commits/stable
>>
>> So I'm really not comfortable recommending git to anyone at this point.
>>
>> Wrong twice.
>>
>> Firstly, the canonical URL is:
>>
>> https://anongit.gentoo.org/git/repo/sync/gentoo.git
>> (https://gitweb.gentoo.org/repo/sync/gentoo.git)
>>
>> Secondly, the merge commits (i.e. top commits that are verified
>> by Portage) are signed by a dedicated key that is part of the infra key
>> set. In other words, it works out of the box.
>>
>> Is there any documentation that shows users how to migrate to git, and
>> what the pros and cons might be? Maybe it's worthy of its own news item.
>>
>> Maybe. I don't really know, and don't think it's a good idea to show 30
>> news items of things users might like on every new Gentoo install.
>>
>> Well if instructions for setting up git sync and associated pros/cons
>> are not documented anywhere then I won't advise anyone to use it.
>>
>> I've attempted to configure it for myself, and this is what it does:
>>
>> * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
>> * Refreshing keys from keyserver ... [ ok ]
>> * No valid signature found: unable to verify signature (missing key?)
>>
>> Please report a bug and attach your configuration along with keyring
>> version.
>>
>> It works after upgrading to openpgp-keys-gentoo-release-20180706 from
>> openpgp-keys-gentoo-release-20180323.
>>
>> Does Portage not call attention to critical updates?
>
> No, but that might be a nice feature. We'd have to introduce some kind
> of standard mechanism via PMS or a GLEP.

Actually GLEP 42 news items can be used for this, with a header like:

Display-If-Installed: <app-crypt/openpgp-keys-gentoo-release-20180706
--
Thanks,
Zac
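
Added example, not part of the thread and not Portage's own code: a small audit of `repos.conf` text that flags git-synced repositories where the top-commit signature check discussed above is not enabled or has no key file pinned. The option names `sync-git-verify-commit-signature` and `sync-openpgp-key-path` are Portage settings that the thread itself does not mention; the `overlay` repository, its URL, and the function name `audit_repos_conf` are hypothetical.

```python
import configparser

# Constructed repos.conf sample, not from the thread. The two sync-* option
# names are Portage settings as documented in portage(5); "overlay" and its
# URL are made up for illustration.
SAMPLE = """\
[DEFAULT]
main-repo = gentoo

[gentoo]
location = /usr/portage
sync-type = git
sync-uri = https://anongit.gentoo.org/git/repo/sync/gentoo.git
sync-git-verify-commit-signature = yes
sync-openpgp-key-path = /usr/share/openpgp-keys/gentoo-release.asc

[overlay]
location = /var/db/repos/overlay
sync-type = git
sync-uri = https://example.org/overlay.git
"""

def audit_repos_conf(text):
    """Return {repo: [findings]} for git-synced repos without pinned verification."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    findings = {}
    for name in cp.sections():
        repo = cp[name]
        if repo.get("sync-type", "").strip().lower() != "git":
            continue  # rsync and other sync types are out of scope here
        issues = []
        verify = repo.get("sync-git-verify-commit-signature", "no").strip().lower()
        if verify not in ("yes", "true"):
            issues.append("top commit signature is not verified")
        elif not repo.get("sync-openpgp-key-path", "").strip():
            issues.append("verification enabled but no sync-openpgp-key-path pinned")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for repo, issues in audit_repos_conf(SAMPLE).items():
        for issue in issues:
            print(f"{repo}: {issue}")
```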