On July 8, 2018 5:38:48 PM EDT, Zac Medico <zmedico@g.o> wrote:
>On 07/08/2018 02:18 PM, Michał Górny wrote:
>> On Sun, 08.07.2018 at 14:11 -0700, Zac Medico wrote:
>>> On 07/08/2018 01:18 PM, Zac Medico wrote:
>>>> On 07/08/2018 01:08 PM, Michał Górny wrote:
>>>>> On Sun, 08.07.2018 at 11:57 -0700, Zac Medico wrote:
>>>>>> On 07/08/2018 11:42 AM, Michał Górny wrote:
>>>>>>> On Sun, 08.07.2018 at 11:04 -0700, Zac Medico wrote:
>>>>>>>> On 07/08/2018 06:56 AM, Michał Górny wrote:
>>>>>>>>> On Sun, 08.07.2018 at 15:02 +0200, Kristian Fiskerstrand wrote:
>>>>>>>>>> On 07/08/2018 08:53 AM, Michał Górny wrote:
>>>>>>>>>>> Is safe git syncing implemented already? If not, maybe finish it first and cover both with a single news item. Git is going to be more efficient here, so people may want to learn they have an alternative.
>>>>>>>>>>
>>>>>>>>>> Why complicate things, and increase wait for something that benefits
>>>>>>>>>> most users, just to give alternatives to a few using non-default sync
>>>>>>>>>> mechanism. Securing git distribution is a whole different ballpark.
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Let me rephrase. Let's say I'm using rsync. This new feature is
>>>>>>>>> something positive but it breaks my use case (for one of the listed
>>>>>>>>> reasons -- overlayfs, inode use, small fs cache). After reading this
>>>>>>>>> news item, I learn that my only option is to disable the new feature.
>>>>>>>>>
>>>>>>>>> Now, I would appreciate being told that there's an alternate sync method
>>>>>>>>> that handles secure updates without having all those drawbacks.
>>>>>>>>
>>>>>>>> The thing is, the normal git tree doesn't even provide pre-generated
>>>>>>>> metadata, and I see the gentoo-mirror repo that provides metadata does
>>>>>>>> not have commits signed with a release key:
>>>>>>>>
>>>>>>>> https://github.com/gentoo-mirror/gentoo/commits/stable
>>>>>>>>
>>>>>>>> So I'm really not comfortable recommending git to anyone at this point.
>>>>>>>
>>>>>>> Wrong twice.
>>>>>>>
>>>>>>> Firstly, the canonical URL is:
>>>>>>>
>>>>>>> https://anongit.gentoo.org/git/repo/sync/gentoo.git
>>>>>>> (https://gitweb.gentoo.org/repo/sync/gentoo.git)
>>>>>>>
>>>>>>> Secondly, the merge commits (i.e. top commits that are verified
>>>>>>> by Portage) are signed by a dedicated key that is part of the infra key
>>>>>>> set. In other words, it works out of the box.
>>>>>>
>>>>>> Is there any documentation that shows users how to migrate to git, and
>>>>>> what the pros and cons might be? Maybe it's worthy of its own news item.
>>>>>
>>>>> Maybe. I don't really know, and don't think it's a good idea to show 30
>>>>> news items of things users might like on every new Gentoo install.
>>>>
>>>> Well if instructions for setting up git sync and associated pros/cons
>>>> are not documented anywhere then I won't advise anyone to use it.
>>>
>>> I've attempted to configure it for myself, and this is what it does:
>>>
>>> * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
>>> * Refreshing keys from keyserver ...
>>> [ ok ]
>>> * No valid signature found: unable to verify signature (missing key?)
>>>
>>
>> Please report a bug and attach your configuration along with keyring
>> version.
>
>It works after upgrading to openpgp-keys-gentoo-release-20180706 from
>openpgp-keys-gentoo-release-20180323.
>--
>Thanks,
>Zac

Does Portage not call attention to critical updates?

It used to make a special statement for a new stable Portage and strongly recommended that it be emerged first. It should probably do the same for openpgp-keys-gentoo-release.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.