| 1 |
On Sat, Apr 09, 2022 at 02:50:30PM +0800, William Kenworthy wrote: |
| 2 |
> A new use has shown up named "verify-sig". It seems simple enough from |
| 3 |
> its euse description but its causing a large number of packages to be |
| 4 |
> rebuilt unnecessarily (it defaults to off on my sytems). Should I |
| 5 |
> enable it? - I can find much info on it and it looks like it will cause |
| 6 |
> major user hassles considering its effects so far - I am surprised there |
| 7 |
> has been no news item for it which probably means its not considered a |
| 8 |
> useful use flag. |
| 9 |
|
| 10 |
Use --changed-use/-U rather than --newuse/-N when using emerge. |
| 11 |
|
| 12 |
With --changed-use, if USE is changing from to: |
| 13 |
enabled -> removed = rebuilds |
| 14 |
disabled -> removed = ignores (changes nothing, no rebuild needed) |
| 15 |
missing -> disabled = ignores (likewise, this is the verify-sig) |
| 16 |
missing -> enabled = rebuilds |
| 17 |
|
| 18 |
While --newuse rebuilds in all 4 cases. |
| 19 |
|
| 20 |
There's largely no reason to enable verify-sig as you're already |
| 21 |
verifying through the Manifest. This is primarily intended for |
| 22 |
developers, albeit for users it can give some assurance that |
| 23 |
signatures were checked. |
| 24 |
|
| 25 |
-- |
| 26 |
ionen |
Archives