1 |
On Tue, Jul 3, 2018 at 7:06 AM gevisz <gevisz@×××××.com> wrote: |
2 |
> |
3 |
> Why not to put new openpgp-keys-gentoo-release |
4 |
> into the portage tree BEFORE all existing Gentoo |
5 |
> singing keys expire? |
6 |
> |
7 |
|
8 |
My guess is that it was an oversight. |
9 |
|
10 |
I note that emerge --sync seems to update keys from the keyserver |
11 |
automatically, and thus it didn't report any errors syncing for me. |
12 |
On the other hand, I believe it will leave /usr/portage compromised if |
13 |
an error is detected, so if you don't actually catch the error it |
14 |
throws you can still be harmed. I assume webrsync won't do that, but |
15 |
I haven't checked (the repository I use isn't available to webrsync as |
16 |
far as I'm aware). |
17 |
|
18 |
Improving signature checking is an area of recent interest, as you can |
19 |
imagine, so I suspect these will improve. |
20 |
|
21 |
-- |
22 |
Rich |