| 1 |
On 08/07/18 18:34, Rich Freeman wrote: |
| 2 |
> On Sun, Jul 8, 2018 at 9:02 AM Kristian Fiskerstrand <k_f@g.o> wrote: |
| 3 |
>> On 07/08/2018 08:53 AM, Michał Górny wrote: |
| 4 |
>>> Is safe git syncing implemented already? If not, maybe finish it first and cover both with a single news item. Git is going to be more efficient here, so people may want to learn they have an alternative. |
| 5 |
>> Why complicate things, and increase wait for something that benefits |
| 6 |
>> most users, just to give alternatives to a few using non-default sync |
| 7 |
>> mechanism. Securing git distribution is a whole different ballpark. |
| 8 |
>> |
| 9 |
> I'll agree that it is different, but we're talking about verification |
| 10 |
> of the HEAD signature by infra, not verification of individual |
| 11 |
> developer keys, which was the topic of the recent thread. |
| 12 |
> |
| 13 |
> Verification is already built-into portage for git syncing (but off by |
| 14 |
> default). The problem is that portage will still checkout the tree if |
| 15 |
> it fails verification. The patch is to do the verification before |
| 16 |
> checking it out so that if it fails the tree is left in a |
| 17 |
> last-known-good state (at least as seen by tools at the filesystem |
| 18 |
> level - the fetched bad commits would still be visible to git). |
| 19 |
> |
| 20 |
Slightly radical thought here, but hear me out .. |
| 21 |
|
| 22 |
Could we use this same functionality to be able to validate the tree |
| 23 |
integrity with respect to CI testing? I mean, if the tree is 'broken' |
| 24 |
could we have some kind of warning displayed perhaps? Something that |
| 25 |
could be toggled (or default Off) would indeed be good, so that |
| 26 |
users/devs can choose what level or 'standard' of tree state they're |
| 27 |
prepared to accept. |
Archives