Archives
Archives
| From: | Michael <confabulate@××××××××.com> | ||
|---|---|---|---|
| To: | gentoo-user@l.g.o | ||
| Subject: | Re: [gentoo-user] --sync | ||
| Date: | Mon, 01 Aug 2022 10:08:19 | ||
| Message-Id: | 4205535.ejJDZkT8p0@lenovo.localdomain | ||
| In Reply to: | Re: [gentoo-user] --sync by tastytea |
||
| 1 | On Monday, 1 August 2022 10:43:55 BST tastytea wrote: |
| 2 | > On 2022-08-01 07:58+0100 Michael <confabulate@××××××××.com> wrote: |
| 3 | > > […] |
| 4 | > > |
| 5 | > > 2. These days rsync uses hashes and gpg to check the integrity of |
| 6 | > > portage and will flag up a warning in case of file tampering, or |
| 7 | > > corrupt data. As far as I know such a solution doesn't exist with |
| 8 | > > git. |
| 9 | > |
| 10 | > Verification can be turned on with |
| 11 | > sync-git-verify-commit-signature = yes |
| 12 | > in repos.conf.[1] This does not seem to be enabled by default.[2] |
| 13 | > |
| 14 | > [1] |
| 15 | > <https://wiki.gentoo.org/wiki/Project:Portage/Repository_verification#git> |
| 16 | > [2] <https://wiki.gentoo.org/wiki/Portage_Security#git-mirror_repositories> |
| 17 | |
| 18 | I see ... this is an improvement from what I recall it to be. Thanks for |
| 19 | pointing it out. Perhaps I should start using git again. :-) |
| File name | MIME type |
|---|---|
| signature.asc | application/pgp-signature |