| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA512 |
| 3 |
|
| 4 |
On 08/14/2015 01:56 PM, Andrew Savchenko wrote: |
| 5 |
|
| 6 |
.. |
| 7 |
|
| 8 |
> |
| 9 |
> 2. The question is why manifests are modified for rsync. In git |
| 10 |
> manifests are thin (only distfiles are there), in rsync they also |
| 11 |
> contain checksums for ebuilds and files dir content. Do we really |
| 12 |
> need this? These manifests are not signed now, so of little use. |
| 13 |
|
| 14 |
They will be OpenPGP signed by a releng key during thickening and |
| 15 |
portage will auto-verify it using gkeys once things are in place. As |
| 16 |
such checksum for ebuilds and other files certainly needs to be part |
| 17 |
of the manifest, otherwise it can open up for malicious alterations of |
| 18 |
these files. |
| 19 |
|
| 20 |
- -- |
| 21 |
Kristian Fiskerstrand |
| 22 |
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net |
| 23 |
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 |
| 24 |
-----BEGIN PGP SIGNATURE----- |
| 25 |
|
| 26 |
iQEcBAEBCgAGBQJVzeLTAAoJECULev7WN52F9z8H/1Es0XTZP2eBmVyMSfVf65T7 |
| 27 |
MVO2v+0r91kjBekwkmKMNbLM/ZubAq1af20xSUW5Q9kBANJ3GIieU/6CpcVS3BCP |
| 28 |
bgjSCSOj2cydCgWO3i6eydrB9yEpLVPzi4rezbNVSaLsG3WYEl07z/knXYU5mJJW |
| 29 |
ViXNeOBPyCDpJiwgccGDmIbFvIghI9bPFOCrLRvmH5v+Velk0QNdK/PZd9pvd792 |
| 30 |
FIyoPcE2hq8NYpeH7o/WWwLcsczERg5HhcAnTmTZYZ0DpLhQzEfHrLlkD46JbR0j |
| 31 |
JT7rn7PtmtsQNoXTQesmA4hrGLu26fUVljqSbIwJt/33ijis7VSxZVedCp7wGyc= |
| 32 |
=c5IU |
| 33 |
-----END PGP SIGNATURE----- |
Archives