2018-07-03 14:47 GMT+03:00 Rich Freeman <rich0@g.o>:
> On Tue, Jul 3, 2018 at 7:06 AM gevisz <gevisz@×××××.com> wrote:
>>
>> Why not put new openpgp-keys-gentoo-release
>> into the portage tree BEFORE all existing Gentoo
>> signing keys expire?
>>
>
> My guess is that it was an oversight.
>
> I note that emerge --sync seems to update keys from the keyserver
> automatically, and thus it didn't report any errors syncing for me.
> On the other hand, I believe it will leave /usr/portage compromised if
> an error is detected, so if you don't actually catch the error it
> throws you can still be harmed. I assume webrsync won't do that, but
> I haven't checked (the repository I use isn't available to webrsync as
> far as I'm aware).

emerge-webrsync does check gpg Gentoo signatures, if webrsync-gpg
feature is enabled in /etc/portage/make.conf, but it cannot do so, if
all Gentoo signatures expired, as it was the case after 1 July 2018.
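
A check that would flag this situation ahead of time, as an added example that is not part of the original thread: it parses `gpg --with-colons --list-keys` output and reports signing keys that are expired or close to expiry. The key listing, key IDs, dates and function names below are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Constructed `gpg --with-colons --list-keys` output; key IDs and dates are made up.
SAMPLE = """\
pub:-:4096:1:AAAAAAAAAAAAAAAA:1404172800:1530403200::-:::sc::::::23::0:
sub:-:4096:1:BBBBBBBBBBBBBBBB:1404172800:1530403200:::::s::::::23:
pub:-:4096:1:CCCCCCCCCCCCCCCC:1404172800:1531612800::-:::sc::::::23::0:
sub:-:4096:1:DDDDDDDDDDDDDDDD:1404172800::::::e::::::23:
"""

def parse_time(field):
    """Field 7 is epoch seconds, or ISO 8601 basic format if it contains 'T'."""
    if not field:
        return None  # empty field: the key never expires
    if "T" in field:
        return datetime.strptime(field, "%Y%m%dT%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(field), tz=timezone.utc)

def signing_key_status(colon_output, now, warn_days=30):
    """Return {key_id: status} for every key or subkey with signing capability."""
    result = {}
    for line in colon_output.splitlines():
        f = line.split(":")
        # Field 12 (index 11) lists capabilities; lowercase 's' means "can sign".
        if f[0] not in ("pub", "sub") or len(f) < 12 or "s" not in f[11]:
            continue
        expires = parse_time(f[6])
        if f[1] == "r":
            status = "revoked"
        elif f[1] == "e" or (expires and expires <= now):
            status = "expired"
        elif expires and expires - now <= timedelta(days=warn_days):
            status = "expiring"
        else:
            status = "ok"
        result[f[4]] = status
    return result

def verification_possible(statuses):
    """False when no signing key is usable, the situation described above."""
    return any(s in ("ok", "expiring") for s in statuses.values())

if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print(signing_key_status(SAMPLE, now))
```

Run on a schedule against the release keyring, an "expiring" result gives time to ship replacement keys before verification stops working.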