On 2022-08-01 07:58+0100 Michael <confabul...@kintzios.com> wrote: > […] > > 2. These days rsync uses hashes and gpg to check the integrity of > portage and will flag up a warning in case of file tampering, or > corrupt data. As far as I know such a solution doesn't exist with > git.
Verification can be turned on with sync-git-verify-commit-signature = yes in repos.conf.[1] This does not seem to be enabled by default.[2] [1] <https://wiki.gentoo.org/wiki/Project:Portage/Repository_verification#git> [2] <https://wiki.gentoo.org/wiki/Portage_Security#git-mirror_repositories>
