1 |
On 08/07/18 18:34, Rich Freeman wrote: |
2 |
> On Sun, Jul 8, 2018 at 9:02 AM Kristian Fiskerstrand <k_f@g.o> wrote: |
3 |
>> On 07/08/2018 08:53 AM, Michał Górny wrote: |
4 |
>>> Is safe git syncing implemented already? If not, maybe finish it first and cover both with a single news item. Git is going to be more efficient here, so people may want to learn they have an alternative. |
5 |
>> Why complicate things, and increase wait for something that benefits |
6 |
>> most users, just to give alternatives to a few using non-default sync |
7 |
>> mechanism. Securing git distribution is a whole different ballpark. |
8 |
>> |
9 |
> I'll agree that it is different, but we're talking about verification |
10 |
> of the HEAD signature by infra, not verification of individual |
11 |
> developer keys, which was the topic of the recent thread. |
12 |
> |
13 |
> Verification is already built-into portage for git syncing (but off by |
14 |
> default). The problem is that portage will still checkout the tree if |
15 |
> it fails verification. The patch is to do the verification before |
16 |
> checking it out so that if it fails the tree is left in a |
17 |
> last-known-good state (at least as seen by tools at the filesystem |
18 |
> level - the fetched bad commits would still be visible to git). |
19 |
> |
20 |
Slightly radical thought here, but hear me out .. |
21 |
|
22 |
Could we use this same functionality to be able to validate the tree |
23 |
integrity with respect to CI testing? I mean, if the tree is 'broken' |
24 |
could we have some kind of warning displayed perhaps? Something that |
25 |
could be toggled (or default Off) would indeed be good, so that |
26 |
users/devs can choose what level or 'standard' of tree state they're |
27 |
prepared to accept. |