1 |
>On Saturday 19 April 2003 7:40 am, Joshua Brindle wrote: |
2 |
> |
3 |
>> Ideas and comments are welcome |
4 |
> |
5 |
>Will there be provision for signing other entities in the portage rsync mirror |
6 |
>other than ebuilds? eclasses, package.mask, etc. |
7 |
|
8 |
yes, probably detached sigs for each of those "other" files, we don't know yet though |
9 |
|
10 |
> |
11 |
>Will there be provision for controlling which developers are authorised to |
12 |
>sign each package, or will portage allow any developer to sign any package |
13 |
>manifest? |
14 |
|
15 |
there is no easy way since the only way cvs knows to allow/disallow commits is |
16 |
by permissions, we use permissions but they aren't fine grained, ie: everyone |
17 |
who has access to commit any package can commit to all of them. This is a lot |
18 |
better anyway since we have to be able to add new packages, do quick bumps |
19 |
on packages we don't necessarilly maintain, etc. Obviously if a dev is abusing |
20 |
we'll have records of what was commited and where and be able to take care |
21 |
of that. |
22 |
|
23 |
Joshua Brindle |
24 |
|
25 |
-- |
26 |
gentoo-hardened@g.o mailing list |