On 26 October 2017 23:58:53 CEST, Roy Bamford <neddyseagoon@g.o> wrote:
>On 2017.10.26 21:12, Michał Górny wrote:
>> Hi, everyone.
>>
>> After a week of hard work, I'd like to request your comments
>> on the draft of GLEP 74. This GLEP aims to replace the old tree-signing
>> GLEPs 58 and 60 with a superior implementation and more complete
>> specification.
>>
>> The original tree-signing GLEPs were accepted a few years back but they
>> have never been implemented. This specification, on the other hand,
>> comes with a working reference implementation for the verification
>> algorithm. I expect to finish the update/generation part in a few days,
>> then work on additional optimizations (threading, incremental
>> verification, incremental updates).
>>
>> ReST: https://dev.gentoo.org/~mgorny/tmp/glep-0074.rst
>> HTML: https://dev.gentoo.org/~mgorny/tmp/glep-0074.html
>> impl: https://github.com/mgorny/gemato/
>>
>> Full text following for inline comments.
>>
>[snip lots of hard work]
>>
>> --
>> Best regards,
>> Michał Górny
>>
>
>Michał,
>
>Thank you for the hard work.
>
>This GLEP implies that users need to have the entire repository to validate
>and authenticate, if I understand it correctly.
>
>For example
>PORTAGE_RSYNC_EXTRA_OPTS="--exclude=<list_of_<package/categories>"
>will still work but the resulting tree could not be authenticated, as
>the top level signature would fail.
>
>The manifests would still work correctly because they only apply to
>the directory containing them. Pruning the repository at
>rsync time will therefore remove the manifests and the files that they
>cover.
>
>Is that understanding correct?
|
Yes. We can't technically distinguish intentional package removal by user from malicious third party stripping them. This is something that a package manager extension might handle but it doesn't belong in the spec.

--
Best regards,
Michał Górny (by phone)