| 1 |
On 2017.10.26 21:12, Michał Górny wrote: |
| 2 |
> Hi, everyone. |
| 3 |
> |
| 4 |
> After a week of hard work, I'd like to request your comments |
| 5 |
> on the draft of GLEP 74. This GLEP aims to replace the old |
| 6 |
> tree-signing |
| 7 |
> GLEPs 58 and 60 with a superior implementation and more complete |
| 8 |
> specification. |
| 9 |
> |
| 10 |
> The original tree-signing GLEPs were accepted a few years back but |
| 11 |
> they |
| 12 |
> have never been implemented. This specification, on the other hand, |
| 13 |
> comes with a working reference implementation for the verification |
| 14 |
> algorithm. I expect to finish the update/generation part in a few |
| 15 |
> days, |
| 16 |
> then work on additional optimizations (threading, incremental |
| 17 |
> verification, incremental updates). |
| 18 |
> |
| 19 |
> ReST: https://dev.gentoo.org/~mgorny/tmp/glep-0074.rst |
| 20 |
> HTML: https://dev.gentoo.org/~mgorny/tmp/glep-0074.html |
| 21 |
> impl: https://github.com/mgorny/gemato/ |
| 22 |
> |
| 23 |
> Full text following for inline comments. |
| 24 |
> |
| 25 |
[snip lots of hard work] |
| 26 |
> |
| 27 |
> -- |
| 28 |
> Best regards, |
| 29 |
> Michał Górny |
| 30 |
> |
| 31 |
> |
| 32 |
> |
| 33 |
|
| 34 |
Michał, |
| 35 |
|
| 36 |
Thank you for the hard work. |
| 37 |
|
| 38 |
This GLEP implies that users need to have the entire repository to validate |
| 39 |
and authenticate, if I understand it correctly. |
| 40 |
|
| 41 |
For example |
| 42 |
PORTAGE_RSYNC_EXTRA_OPTS="--exclude=<list_of_<package/categories>" |
| 43 |
wil still work but the resulting tree could not be authenticaed. as |
| 44 |
the top level signature would fail. |
| 45 |
|
| 46 |
The manifests would still work correctly because they only apply to |
| 47 |
the directory containing them. Pruning the repository at |
| 48 |
rsync time will therefore remove the manifents and the files that they cover. |
| 49 |
|
| 50 |
Is that understanding correct? |
| 51 |
|
| 52 |
-- |
| 53 |
Regards, |
| 54 |
|
| 55 |
Roy Bamford |
| 56 |
(Neddyseagoon) a member of |
| 57 |
elections |
| 58 |
gentoo-ops |
| 59 |
forum-mods |
Archives