1 |
Oh hey. We're in the future. Let's try to commit something to |
2 |
repo/gentoo.git! |
3 |
|
4 |
So apparently we're signing things with gpg now, so let's read the |
5 |
official documentation. |
6 |
The [1] wiki seems to be the canonical location for such things. |
7 |
|
8 |
Oh dear. The layout is VERY broken. See [2]. Which redirects to [3], |
9 |
which is a duplicate of [4], which has been closed because apparently |
10 |
the persons responsible don't understand how to internet. |
11 |
Since this bug is only about a year old I don't expect any progress soon |
12 |
- but fetching random crap from untrusted hosts is not a sane option. |
13 |
Especially since there is already a webserver, which is also trusted, so |
14 |
I'm confused why we're still having this conversation. |
15 |
|
16 |
But hey, let's blindly fetch CSS from unknown, just to notice that this |
17 |
'theme' needs JavaScript to display properly. Because reasons. |
18 |
|
19 |
Why would I want to blindly execute code when reading the text of a |
20 |
wiki? Because, reasons. Because, future! |
21 |
Sigh. I'll just live with the breakage then. |
22 |
|
23 |
But anyway, we find [5] the right document, and ... hit [6]. Can't |
24 |
install, bug is over half a year old, so I have to consider upstream |
25 |
dead. But we can easily patch the ebuild and somehow install |
26 |
app-crypt/gkeys. |
27 |
|
28 |
Well, we can install it, but won't be able to use it because [7][8] it's |
29 |
TOFU. Totally Fine and Usable! |
30 |
Nothing some random stabbing won't fix, eh, but now we're an hour in |
31 |
just trying to get dependencies of dependencies installed. |
32 |
|
33 |
Sigh. |
34 |
|
35 |
Now that gkeys is out of the way, let's try to use gkeys-gen! |
36 |
[9][10][11] Nope. Nope nope, you don't get to play! |
37 |
|
38 |
So there's no way to actually *use* this software in the default config |
39 |
(how was this ever released?!), and upstream has not fixed any of these |
40 |
issues in almost a year. This parrot is an ex-parrot! |
41 |
|
42 |
|
43 |
Let's capitulate, err, repudiate. Wait, wrong word. Recapitulate! That's |
44 |
it. Let's recapitulate: |
45 |
|
46 |
The official docs are running on an unmaintained broken platform. If you |
47 |
manage to read them they are wrong. And the software to use has been |
48 |
abandoned a year ago, but is still suggested as default in the docs. |
49 |
|
50 |
Since signing is mandatory since the git migration, ahem, this means |
51 |
that no one in the last 5 months(!) actually followed the documentation |
52 |
(because that does NOT work!). I'm almost impressed, but, wow, this is |
53 |
enterprisey. |
54 |
|
55 |
So, what can we do to make this whole story of 'commit (and push) to |
56 |
repo/gentoo.git' make sense? And why do I appear to be the only one to |
57 |
notice this chain of breakage?! |
58 |
|
59 |
|
60 |
[1] http://wiki.gentoo.org |
61 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=559530 |
62 |
[3] https://bugs.gentoo.org/show_bug.cgi?id=547536 |
63 |
[4] https://bugs.gentoo.org/show_bug.cgi?id=536744 |
64 |
[5] |
65 |
https://wiki.gentoo.org/wiki/Project:Gentoo-keys/Generating_GLEP_63_based_OpenPGP_keys |
66 |
[6] https://bugs.gentoo.org/show_bug.cgi?id=550848 |
67 |
[7] https://bugs.gentoo.org/show_bug.cgi?id=536338 |
68 |
[8] https://bugs.gentoo.org/show_bug.cgi?id=557090 |
69 |
[9] https://bugs.gentoo.org/show_bug.cgi?id=567768 |
70 |
[10] https://bugs.gentoo.org/show_bug.cgi?id=566782 |
71 |
[11] https://bugs.gentoo.org/show_bug.cgi?id=536316 |