1 |
On Wed, Jul 4, 2018 at 1:34 PM Rich Freeman <rich0@g.o> wrote: |
2 |
> |
3 |
> I wonder if we can have portage instead do a fetch, then do the |
4 |
> verification of HEAD, and then if it passes do a checkout. That will |
5 |
> still leave you with invalid data in the git history, but it won't |
6 |
> actually be checked out, so at least emerge won't be seeing it. |
7 |
> |
8 |
|
9 |
Kudos to zmedico on the quick patch: |
10 |
https://github.com/gentoo/portage/pull/332/commits/74c3b10dba60bcb096404c6aca148b9ae7a9a80b |
11 |
|
12 |
I'm sure it will be a bit before it is released, but this should make |
13 |
git syncs much more secure. |
14 |
|
15 |
-- |
16 |
Rich |