On Fri, Feb 20, 2009 at 11:50:07AM +0100, Robert Buchholz wrote:
> On Friday 20 February 2009, Robin H. Johnson wrote:
> > Remember that Portage will only verify hashes that exist in the file.
> > If they aren't in the file, they don't get verified. The fix you
> > describe is unneeded.
> If you use FEATURES=digest, Portage ignores missing lines or errors in
> the Manifest completely. So either overlays must ship full Manifests or
> Portage would need a feature to fix slim Manifests.
[snip some paragraphs missing the point].
Portage needs minor changes for slim Manifests anyway: specifically, to
check the files against the Git index rather than the Manifest. It's NOT
that the files from the tree directly are unsigned, but rather that
their digests/signatures exist in Git instead of the Manifest.

The commits in the Git tree should be signed anyway to increase
security.

--
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail : robbat2@g.o
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
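
A sketch of the check described in the message above, added here as an illustration and not taken from Portage or from the original post: it recomputes Git blob ids for files and compares them with entries in the format printed by `git ls-files -s`. The function names, file names and sample data are constructed, and SHA-1 object ids are assumed; the result only says the files match the index, so authenticity still rests on the signed commits the message mentions.

```python
import hashlib

def git_blob_id(data: bytes) -> str:
    # Git names a file's content by SHA-1 over a "blob <size>NUL" header plus the bytes
    # (assumes the SHA-1 object format).
    return hashlib.sha1(b"blob %d\x00" % len(data) + data).hexdigest()

def parse_index_listing(text: str) -> dict:
    # Each line of `git ls-files -s` is "<mode> <object-id> <stage>TAB<path>".
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        meta, path = line.split("\t", 1)
        _mode, oid, stage = meta.split()
        if stage != "0":
            # Stages 1-3 mean an unresolved merge; refuse to verify against it.
            raise ValueError("unmerged index entry: " + path)
        entries[path] = oid
    return entries

def verify_against_index(index: dict, files: dict) -> dict:
    # Returns {path: 'ok' | 'mismatch' | 'missing' | 'untracked'}.
    status = {}
    for path, oid in index.items():
        if path not in files:
            status[path] = "missing"      # listed in the index, absent on disk
        elif git_blob_id(files[path]) == oid:
            status[path] = "ok"
        else:
            status[path] = "mismatch"     # content differs from what Git recorded
    for path in files:
        if path not in index:
            status[path] = "untracked"    # on disk, but no digest recorded in Git
    return status

# Constructed sample data: an index listing and the file contents found on disk.
SAMPLE_INDEX = (
    "100644 ce013625030ba8dba906f756967f9e9ca394464a 0\tfoo-1.0.ebuild\n"
    "100644 e69de29bb2d1d6434b8b29ae775ad8c2e48c5391 0\tmetadata.xml\n"
    "100644 3b18e512dba79e4c8300dd08aeb37f8e728b8dad 0\tfiles/fix.patch\n"
)
SAMPLE_FILES = {
    "foo-1.0.ebuild": b"hello\n",   # matches the recorded blob id
    "metadata.xml": b"tampered",    # index records the empty blob
    "extra.sh": b"",                # not in the index at all
}

if __name__ == "__main__":
    report = verify_against_index(parse_index_listing(SAMPLE_INDEX), SAMPLE_FILES)
    for path, state in sorted(report.items()):
        print(state.ljust(10), path)
```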