| 1 |
W dniu śro, 24.01.2018 o godzinie 12∶54 -0500, użytkownik Alec Warner |
| 2 |
napisał: |
| 3 |
> On Wed, Jan 24, 2018 at 3:56 AM, Michał Górny <mgorny@g.o> wrote: |
| 4 |
> |
| 5 |
> > Hi, everyone. |
| 6 |
> > |
| 7 |
> > Since the initial review of my patch lost focus, and lacked sufficient |
| 8 |
> > context, here's the plan that I'd like to follow in order to initially |
| 9 |
> > integrate gemato with portage and give our users secure checkouts by |
| 10 |
> > default. |
| 11 |
> > |
| 12 |
> > 1. Add postsync hook to Portage git. Eventually, it will be replaced by |
| 13 |
> > direct Portage support. |
| 14 |
> > |
| 15 |
> > 2. Add IUSE=+rsync-verify to portage-9999 that controls installing the |
| 16 |
> > hook. This will give users the ability to easily disable it without jumping |
| 17 |
> > through cross package hoops. |
| 18 |
> > |
| 19 |
> |
| 20 |
> I think it makes sense to avoid installing the hook through this means |
| 21 |
> (e.g. I don't want it, so I set USE=-rsync-verify) |
| 22 |
> |
| 23 |
> I think its a bit trickier to control the hook's behavior. For instance: |
| 24 |
> |
| 25 |
> 1) I install portage[rsync-verify]. This installs the hook. |
| 26 |
> 2) I end up not liking the hook, I install portage[-rsync-verify] |
| 27 |
> 3) Does the hook get config-protected here? |
| 28 |
|
| 29 |
Keeping config-protected files applies only if the file were modified. |
| 30 |
In this case it just gets unmerged. I've just verified that. |
| 31 |
|
| 32 |
> > 3. Submit a news item for review that will explain how to initially verify |
| 33 |
> > the keys on existing installations. |
| 34 |
> > |
| 35 |
> > The news item would be published when the hook hits a release. |
| 36 |
> > |
| 37 |
> > What do you think? If you agree, then I'll start writing the news item. |
| 38 |
> > |
| 39 |
> |
| 40 |
> The other part of the user story I don't understand is what actions should |
| 41 |
> users take when verification legit fails? |
| 42 |
> |
| 43 |
> 1) file a bug? |
| 44 |
> 2) re-sync their tree? |
| 45 |
> 3) something else? |
| 46 |
|
| 47 |
I'd say one re-sync would be reasonable in case it could have been some |
| 48 |
rsync glitch. Beyond that, it would definitely be worth reporting... |
| 49 |
except the user will probably hit another mirror. |
| 50 |
|
| 51 |
-- |
| 52 |
Best regards, |
| 53 |
Michał Górny |
Archives