* Mike Frysinger <vap...@gentoo.org>:
> On Thu, Mar 24, 2011 at 8:09 PM, Antoni Grzymala wrote:
[Manifest signing]
> > Does that get us any closer to GLEPs 57, 58, 59 (or generally
> > approaching the tree-signing/verifying group of problems)?
> 
> yes

I think it's a "no".
The MetaManifest GLEP relies on a signed top-level "MetaManifest" which
hashes all sub-Manifests; whether they are signed or not doesn't matter.

I don't see a major advantage to signed portage snapshots we already
offer today.


Do you want to reject signed commits if
- keys are not publicly available [1]
- signatures are from expired keys [2]
- keys are revoked [3]
- keys are not listed in userinfo.xml (current or former devs) [4]

[1] https://bugs.gentoo.org/205405
[2] http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/signatures_by_expired_keys.txt
[3] http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/signatures_by_revoked_keys.txt
[4] http://dev.gentoo.org/~tove/stats/gentoo-x86/Manifest/keys_in_use.txt
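A verifier that applies the four rejection criteria listed in the message, as an added example (not code from this thread, from Portage or from the GLEPs): it parses the machine-readable `gpg --status-fd` keywords and assumes a set of key IDs extracted from userinfo.xml, which is a constructed stand-in here.

```python
import re

# Constructed stand-in for key IDs extracted from userinfo.xml
# (made-up IDs, not real Gentoo developer keys).
ALLOWED_KEYS = {"0123456789ABCDEF", "FEDCBA9876543210"}

STATUS_RE = re.compile(r"^\[GNUPG:\]\s+(\S+)(?:\s+(.*))?$")

def parse_status(status_output):
    """Yield (keyword, args) pairs from gpg --status-fd output lines."""
    for line in status_output.splitlines():
        m = STATUS_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2) or ""

def judge_signature(status_output, allowed_keys=ALLOWED_KEYS):
    """Return (decision, reason, keyid) for one Manifest signature.

    Rejection criteria as listed in the thread: [1] key not publicly
    available, [2] expired key, [3] revoked key, [4] key not in userinfo.xml.
    """
    for keyword, args in parse_status(status_output):
        keyid = args.split()[0] if args else ""
        if keyword == "NO_PUBKEY":
            return "reject", "key not publicly available", keyid
        if keyword == "EXPKEYSIG":
            return "reject", "signature from expired key", keyid
        if keyword == "REVKEYSIG":
            return "reject", "key revoked", keyid
        if keyword == "GOODSIG":
            if keyid not in allowed_keys:
                return "reject", "key not listed in userinfo.xml", keyid
            return "accept", "good signature from listed key", keyid
    return "reject", "no usable signature status", ""

# Constructed sample status output for each case (not captured from the tree).
SAMPLES = {
    "listed": "[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG 0123456789ABCDEF Dev <d@example.org>",
    "unlisted": "[GNUPG:] GOODSIG AAAAAAAAAAAAAAAA Other <o@example.org>",
    "expired": "[GNUPG:] EXPKEYSIG FEDCBA9876543210 Dev <d@example.org>",
    "revoked": "[GNUPG:] REVKEYSIG FEDCBA9876543210 Dev <d@example.org>",
    "missing": "[GNUPG:] ERRSIG BBBBBBBBBBBBBBBB 1 2 00 1300000000 9\n"
               "[GNUPG:] NO_PUBKEY BBBBBBBBBBBBBBBB",
}

if __name__ == "__main__":
    for name, status in SAMPLES.items():
        print(name, judge_signature(status))
```

In practice the status text comes from running `gpg --status-fd 1 --verify Manifest` on each signed Manifest; the allowed-key set would be generated from userinfo.xml rather than hard-coded.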
