>>>>> "RHJ" == Robin H Johnson <robb...@gentoo.org> writes:
RHJ> Some more issues for you: RHJ> 1. Increases the size of the Manifest by a minimum of 710 bytes _per_ RHJ> file. (4 bytes for 'GPG ', 700-900 for the hash, 1 for the field space, 5-12 bytes for the RHJ> trailer). RHJ> 1.1. 55907 Manifest2 entries need this signing, so that's a ~38MiB RHJ> increase in the tree size. RHJ> 2. Impossible to validate without Portage itself, or at least another RHJ> tool to convert the signature back into a form readable by GnuPG. >From the standpoint of someone using Gentoo to Get Work Done: RMD160 and SHA1 just waste space. SHA2 is sufficient non-encrypted hashing. Put distfile sigs in $DISTDIR or $FILESDIR. They are just too large for a line-per-entry file. Include the signing keyid in the filename to support both allowing multiple devs to sign a file and an easy indication of who signed it. Have portage note in the ebuild log what was signed, by what key, and whether the sigs were true. Make failing on a bad sig optional (per overlay?) and make sure that even when portage /is/ configured to fail on a bad sig that it only fails that one package and anything in the current set which depends on that version of the failed package. Don't stop everything just because /one/ package has a problem. And think about a way to sign Changelog entries. -JimC -- James Cloos <cl...@jhcloos.com> OpenPGP: 1024D/ED7DAEA6