| 1 |
Rich Freeman <rich0@g.o> wrote: |
| 2 |
> On Sat, Jul 7, 2018 at 1:34 AM Martin Vaeth <martin@×××××.de> wrote: |
| 3 |
>> |
| 4 |
>> Biggest issue is that git signature happens by the developer who |
| 5 |
>> last commited which means that in practice you need dozens/hundreds |
| 6 |
>> of keys. |
| 7 |
> |
| 8 |
> This is untrue. [...] |
| 9 |
> It will, of course, not work on the regular git repo [...] |
| 10 |
> You need to use a repo that is signed by infra |
| 11 |
> (which typically includes metadata/etc as well). |
| 12 |
|
| 13 |
I was speaking about gentoo's git repository, of course |
| 14 |
(the one which was attacked on github), not about a Frankensteined one |
| 15 |
with metadata history filling megabytes of disk space unnecessarily. |
| 16 |
Who has that much disk space to waste? |
| 17 |
|
| 18 |
For the official git repository your assertions are simply false, |
| 19 |
as you apprently admit: It is currently not possible to use the |
| 20 |
official git repo (or the github clone of it which was attacked) |
| 21 |
in a secure manner. |
| 22 |
|
| 23 |
>> > unless you stick --force in your pull |
| 24 |
>> |
| 25 |
>> Unfortunately, it is not that simple: git pull --force only works if |
| 26 |
> [...] |
| 27 |
> You completely trimmed the context around my quote. [...] |
| 28 |
> they simply would not be pulled without --force. |
| 29 |
|
| 30 |
I was saying that they would not be pulled *with* --force either, |
| 31 |
because pull --force is not as strong as you think it is (it would |
| 32 |
have shown you conflicts to resolve manually). |
| 33 |
You would have to use the commands that I have posted. |
| 34 |
|
| 35 |
> You seem to be providing advice for how to do a pull with a shallow |
| 36 |
> repository |
| 37 |
|
| 38 |
No, what I said is not related to a shallow repository. It has to do |
| 39 |
with pulling a forced push, in general. |
| 40 |
|
| 41 |
>> At least since the ChangeLogs have been removed. |
| 42 |
>> IMHO it was the wrong decision to not keep them in the rsync tree |
| 43 |
>> (The tool to regenerate them from git was/is available). |
| 44 |
> |
| 45 |
> Changelogs are redundant with git, and they take a ton of space (which |
| 46 |
> of late everybody seems to be super-concerned about) |
| 47 |
|
| 48 |
Compared to the git history, they take very little space. |
| 49 |
If you squash the portage tree, it is hardly measurable. |
| 50 |
And with the ChangeLogs, rsync would still be a sane option for |
| 51 |
most users. Without ChangeLogs many users are unnecessarily forced |
| 52 |
to change and to sacrifice the space for git history. |
| 53 |
|
| 54 |
> and as a bonus they want them prepended to |
| 55 |
> instead of appended so that rsync resends the whole thing instead of |
| 56 |
> just the tail... |
| 57 |
|
| 58 |
Your implicit claim is untrue. rsync - as used by portage - always |
| 59 |
transfers whole files, only. |
| 60 |
|
| 61 |
> But, this was endlessly debated before the decision was made. |
| 62 |
|
| 63 |
The decision was about removing the ChangeLogs from the git |
| 64 |
repository. This was certainly the correct decision, because - |
| 65 |
as you said - the ChangeLogs *can* be regenerated from the |
| 66 |
git history and thus it makes no sense to modify/store them |
| 67 |
redundantly. |
| 68 |
|
| 69 |
But I was speaking about the distribution of ChangeLogs in rsync: |
| 70 |
Whenever the infrastructure uses egencache to generate the metadata, |
| 71 |
it could simply pass --update-changelogs so that rsync users |
| 72 |
still would have ChangeLogs: They cannot get them from git history. |
| 73 |
|
| 74 |
> My |
| 75 |
> point is that the sorts of people who like Gentoo would probably tend |
| 76 |
> to like git. |
| 77 |
|
| 78 |
"Liking" git does not mean that one has to use it also for things |
| 79 |
for which it brings nothing. And for most users none of its features |
| 80 |
is useful for the portage tree. With one exception: ChangeLogs. |
| 81 |
That's why I am adverising to bring them back to the rsync tree. |
| 82 |
|
| 83 |
> The "keys problem" has nothing to do with the security of git |
| 84 |
> verification, because those keys are not used by git verification on |
| 85 |
> the end-user side. |
| 86 |
|
| 87 |
Whoever is that git/developer affine that he prefers git despite |
| 88 |
it costs more disk space will certainly want to use the actual |
| 89 |
source repository and not a worse rsync-clone repository. |
| 90 |
|
| 91 |
> It probably should be a configurable option in repos.conf, but |
| 92 |
> honestly, forced pushes are not something that should be considered a |
| 93 |
> good practice. |
| 94 |
|
| 95 |
1. portage shouldn't decide about practices of overlays. |
| 96 |
2. also in the official gentoo repository force pushes happen |
| 97 |
occassionally. Last occurrence was e.g. when undoing the |
| 98 |
malevolent forced push ;) |
| 99 |
3. git pull fails not only for forced pushes but also in several |
| 100 |
other occassions; for instance, if your filesystem changed inodes |
| 101 |
numbers (e.g. squash + overlayfs after a resquash+remount). |
| 102 |
4. Even if the user made the mistake to edit a file, portage should |
| 103 |
not just die on syncing. |
Archives