1 |
On Monday 16 November 2015 17:21:07 Martin Vaeth wrote: |
2 |
>covici@××××××××××.com <covici@××××××××××.com> wrote: |
3 |
>> I have thinmanifests=true as specified in some news item or post, I |
4 |
>> think this was a mandatory change some time ago using rsync. |
5 |
> |
6 |
>If you really use rsync/webrsync and not git, this is unlikely: |
7 |
>The file containing this line (metadata/layout.conf) should be |
8 |
>overridden at every rsync (unless you took special measures, |
9 |
>but this was certainly never recommended). |
10 |
> |
11 |
>> They figured the ebuilds sync anyway so no reason for the |
12 |
>> manifests to have them. |
13 |
> |
14 |
>It is not about syncing but about security (checksums with |
15 |
>signatures should safe you from MITM and even compromised |
16 |
>servers). Thin-manifests was only meant for git, because git |
17 |
>already contains checksums ('though only less secure sha1, |
18 |
>but that's a different story), so it was decided that no |
19 |
>duplicate checksums are needed for git. |
20 |
>For *rsync* the situation is different. |
21 |
|
22 |
Don't forget that in Gentoo all commits are also GPG signed. |
23 |
|
24 |
-- |
25 |
Marc Joliet |
26 |
-- |
27 |
"People who think they know everything really annoy those of us who know we |
28 |
don't" - Bjarne Stroustrup |