On 2017.10.26 21:12, Michał Górny wrote:
> Hi, everyone.
>
> After a week of hard work, I'd like to request your comments
> on the draft of GLEP 74. This GLEP aims to replace the old tree-signing
> GLEPs 58 and 60 with a superior implementation and more complete
> specification.
>
> The original tree-signing GLEPs were accepted a few years back but they
> have never been implemented. This specification, on the other hand,
> comes with a working reference implementation for the verification
> algorithm. I expect to finish the update/generation part in a few days,
> then work on additional optimizations (threading, incremental
> verification, incremental updates).
>
> ReST: https://dev.gentoo.org/~mgorny/tmp/glep-0074.rst
> HTML: https://dev.gentoo.org/~mgorny/tmp/glep-0074.html
> impl: https://github.com/mgorny/gemato/
>
> Full text following for inline comments.
>
[snip lots of hard work]
>
> --
> Best regards,
> Michał Górny
>
|
Michał,

Thank you for the hard work.

This GLEP implies that users need to have the entire repository to validate
and authenticate, if I understand it correctly.

For example
PORTAGE_RSYNC_EXTRA_OPTS="--exclude=<list_of_<package/categories>"
will still work but the resulting tree could not be authenticated, as
the top level signature would fail.

The manifests would still work correctly because they only apply to
the directory containing them. Pruning the repository at
rsync time will therefore remove the manifests and the files that they cover.

Is that understanding correct?

--
Regards,

Roy Bamford
(Neddyseagoon) a member of
elections
gentoo-ops
forum-mods