| 1 |
Oh hey. We're in the future. Let's try to commit something to |
| 2 |
repo/gentoo.git! |
| 3 |
|
| 4 |
So apparently we're signing things with gpg now, so let's read the |
| 5 |
official documentation. |
| 6 |
The [1] wiki seems to be the canonical location for such things. |
| 7 |
|
| 8 |
Oh dear. The layout is VERY broken. See [2]. Which redirects to [3], |
| 9 |
which is a duplicate of [4], which has been closed because apparently |
| 10 |
the persons responsible don't understand how to internet. |
| 11 |
Since this bug is only about a year old I don't expect any progress soon |
| 12 |
- but fetching random crap from untrusted hosts is not a sane option. |
| 13 |
Especially since there is already a webserver, which is also trusted, so |
| 14 |
I'm confused why we're still having this conversation. |
| 15 |
|
| 16 |
But hey, let's blindly fetch CSS from unknown, just to notice that this |
| 17 |
'theme' needs JavaScript to display properly. Because reasons. |
| 18 |
|
| 19 |
Why would I want to blindly execute code when reading the text of a |
| 20 |
wiki? Because, reasons. Because, future! |
| 21 |
Sigh. I'll just live with the breakage then. |
| 22 |
|
| 23 |
But anyway, we find [5] the right document, and ... hit [6]. Can't |
| 24 |
install, bug is over half a year old, so I have to consider upstream |
| 25 |
dead. But we can easily patch the ebuild and somehow install |
| 26 |
app-crypt/gkeys. |
| 27 |
|
| 28 |
Well, we can install it, but won't be able to use it because [7][8] it's |
| 29 |
TOFU. Totally Fine and Usable! |
| 30 |
Nothing some random stabbing won't fix, eh, but now we're an hour in |
| 31 |
just trying to get dependencies of dependencies installed. |
| 32 |
|
| 33 |
Sigh. |
| 34 |
|
| 35 |
Now that gkeys is out of the way, let's try to use gkeys-gen! |
| 36 |
[9][10][11] Nope. Nope nope, you don't get to play! |
| 37 |
|
| 38 |
So there's no way to actually *use* this software in the default config |
| 39 |
(how was this ever released?!), and upstream has not fixed any of these |
| 40 |
issues in almost a year. This parrot is an ex-parrot! |
| 41 |
|
| 42 |
|
| 43 |
Let's capitulate, err, repudiate. Wait, wrong word. Recapitulate! That's |
| 44 |
it. Let's recapitulate: |
| 45 |
|
| 46 |
The official docs are running on an unmaintained broken platform. If you |
| 47 |
manage to read them they are wrong. And the software to use has been |
| 48 |
abandoned a year ago, but is still suggested as default in the docs. |
| 49 |
|
| 50 |
Since signing is mandatory since the git migration, ahem, this means |
| 51 |
that no one in the last 5 months(!) actually followed the documentation |
| 52 |
(because that does NOT work!). I'm almost impressed, but, wow, this is |
| 53 |
enterprisey. |
| 54 |
|
| 55 |
So, what can we do to make this whole story of 'commit (and push) to |
| 56 |
repo/gentoo.git' make sense? And why do I appear to be the only one to |
| 57 |
notice this chain of breakage?! |
| 58 |
|
| 59 |
|
| 60 |
[1] http://wiki.gentoo.org |
| 61 |
[2] https://bugs.gentoo.org/show_bug.cgi?id=559530 |
| 62 |
[3] https://bugs.gentoo.org/show_bug.cgi?id=547536 |
| 63 |
[4] https://bugs.gentoo.org/show_bug.cgi?id=536744 |
| 64 |
[5] |
| 65 |
https://wiki.gentoo.org/wiki/Project:Gentoo-keys/Generating_GLEP_63_based_OpenPGP_keys |
| 66 |
[6] https://bugs.gentoo.org/show_bug.cgi?id=550848 |
| 67 |
[7] https://bugs.gentoo.org/show_bug.cgi?id=536338 |
| 68 |
[8] https://bugs.gentoo.org/show_bug.cgi?id=557090 |
| 69 |
[9] https://bugs.gentoo.org/show_bug.cgi?id=567768 |
| 70 |
[10] https://bugs.gentoo.org/show_bug.cgi?id=566782 |
| 71 |
[11] https://bugs.gentoo.org/show_bug.cgi?id=536316 |
Archives