| 1 |
On Monday 16 November 2015 17:21:07 Martin Vaeth wrote: |
| 2 |
>covici@××××××××××.com <covici@××××××××××.com> wrote: |
| 3 |
>> I have thinmanifests=true as specified in some news item or post, I |
| 4 |
>> think this was a mandatory change some time ago using rsync. |
| 5 |
> |
| 6 |
>If you really use rsync/webrsync and not git, this is unlikely: |
| 7 |
>The file containing this line (metadata/layout.conf) should be |
| 8 |
>overridden at every rsync (unless you took special measures, |
| 9 |
>but this was certainly never recommended). |
| 10 |
> |
| 11 |
>> They figured the ebuilds sync anyway so no reason for the |
| 12 |
>> manifests to have them. |
| 13 |
> |
| 14 |
>It is not about syncing but about security (checksums with |
| 15 |
>signatures should safe you from MITM and even compromised |
| 16 |
>servers). Thin-manifests was only meant for git, because git |
| 17 |
>already contains checksums ('though only less secure sha1, |
| 18 |
>but that's a different story), so it was decided that no |
| 19 |
>duplicate checksums are needed for git. |
| 20 |
>For *rsync* the situation is different. |
| 21 |
|
| 22 |
Don't forget that in Gentoo all commits are also GPG signed. |
| 23 |
|
| 24 |
-- |
| 25 |
Marc Joliet |
| 26 |
-- |
| 27 |
"People who think they know everything really annoy those of us who know we |
| 28 |
don't" - Bjarne Stroustrup |
Archives