Gentoo Archives: gentoo-scm

From: Robert Buchholz <rbu@g.o>
To: gentoo-scm@l.g.o
Cc: "Robin H. Johnson" <robbat2@g.o>
Subject: Re: [gentoo-scm] gentoo-x86 on git - Manifests
Date: Wed, 18 Feb 2009 22:27:53
In Reply to: Re: [gentoo-scm] gentoo-x86 on git - Manifests by "Robin H. Johnson"
On Wednesday 18 February 2009, Robin H. Johnson wrote:
> Using the converse, all files covered by AUX, DIST, MISC have GIT
> SHA1 commit ids. Explicitly performing a checksum on them is not
> needed, just extract it from Git.
These hashes would need to be regenerated for the rsync though, because otherwise it does not provide integrity and this would make tree signing impossible. Overlays would have to abandon the hashes though, otherwise you'll get the same merge trouble again.
> When it comes to generating the outgoing Manifests for users on the
> central server, it's pretty simple.
>
> The only downside I see is the potential for a degree of lesser
> security for anybody using the Git repo directly instead of rsync.
It'll also ease attacks on distfiles when first mirroring them. Currently, developers download the code (verify checksums, gpg, or review the code, ... at least sometimes) and then commit the hash of what they have seen. The distfiles master box then verifies that hash and users only ever can install it if it's the same the dev had seen. If the distfiles master is the one generating that hash, there is (1) a time gap between the dev reviewing the file and the box getting the hash and (2) only one box would need to be attacked via man-in-the-middle, whereas it is currently two.

Robert


File name MIME type
signature.asc application/pgp-signature
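
An added example, not part of the original thread, illustrating two points from the message above: a git blob id is not a checksum of the raw file bytes, so Manifest hashes for the rsync tree have to be computed separately, and a hash generated by the mirror itself only vouches for whatever the mirror received. The Manifest line layout is simplified, and the file name and contents are constructed.

```python
import hashlib

def git_blob_id(data: bytes) -> str:
    """Id git assigns to file content: SHA-1 over 'blob <size>\\0' plus the bytes."""
    return hashlib.sha1(b"blob %d\0" % len(data) + data).hexdigest()

def manifest_entry(kind: str, name: str, data: bytes) -> str:
    """Simplified Manifest-style line: digests over the raw bytes, no git header."""
    return "%s %s %d SHA1 %s SHA256 %s" % (
        kind, name, len(data),
        hashlib.sha1(data).hexdigest(),
        hashlib.sha256(data).hexdigest())

def verify_distfile(entry: str, fetched: bytes) -> bool:
    """Accept a fetched file only if it matches the size and digests in the entry."""
    fields = entry.split()
    size = int(fields[2])
    digests = dict(zip(fields[3::2], fields[4::2]))
    return (len(fetched) == size
            and hashlib.sha1(fetched).hexdigest() == digests["SHA1"]
            and hashlib.sha256(fetched).hexdigest() == digests["SHA256"])

# Constructed sample data (assumptions, not from the thread).
NAME = "example-1.0.tar.gz"
REVIEWED = b"hello\n"    # bytes the developer downloaded and reviewed
TAMPERED = b"hello!\n"   # bytes altered on the way to the mirror

def blob_id_differs_from_plain_sha1() -> bool:
    """The git id cannot be copied into a Manifest as the file's SHA1."""
    return git_blob_id(REVIEWED) != hashlib.sha1(REVIEWED).hexdigest()

def developer_hash_catches_tampering() -> bool:
    """Current flow: the mirror checks its download against the committed hash."""
    committed = manifest_entry("DIST", NAME, REVIEWED)
    return verify_distfile(committed, REVIEWED) and not verify_distfile(committed, TAMPERED)

def mirror_hash_accepts_tampering() -> bool:
    """Proposed flow: a mirror-generated hash matches whatever the mirror fetched."""
    generated = manifest_entry("DIST", NAME, TAMPERED)
    return verify_distfile(generated, TAMPERED)

if __name__ == "__main__":
    print("git blob id :", git_blob_id(REVIEWED))
    print("plain SHA1  :", hashlib.sha1(REVIEWED).hexdigest())
    print("dev hash catches tampering :", developer_hash_catches_tampering())
    print("mirror hash accepts tampering:", mirror_hash_accepts_tampering())
```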

