On 2017.10.26 21:12, Michał Górny wrote: > Hi, everyone. > > After a week of hard work, I'd like to request your comments > on the draft of GLEP 74. This GLEP aims to replace the old > tree-signing > GLEPs 58 and 60 with a superior implementation and more complete > specification. > > The original tree-signing GLEPs were accepted a few years back but > they > have never been implemented. This specification, on the other hand, > comes with a working reference implementation for the verification > algorithm. I expect to finish the update/generation part in a few > days, > then work on additional optimizations (threading, incremental > verification, incremental updates). > > ReST: https://dev.gentoo.org/~mgorny/tmp/glep-0074.rst > HTML: https://dev.gentoo.org/~mgorny/tmp/glep-0074.html > impl: https://github.com/mgorny/gemato/ > > Full text following for inline comments. > [snip lots of hard work] > > -- > Best regards, > Michał Górny > > >
Michał, Thank you for the hard work. This GLEP implies that users need to have the entire repository to validate and authenticate, if I understand it correctly. For example PORTAGE_RSYNC_EXTRA_OPTS="--exclude=<list_of_<package/categories>" wil still work but the resulting tree could not be authenticaed. as the top level signature would fail. The manifests would still work correctly because they only apply to the directory containing them. Pruning the repository at rsync time will therefore remove the manifents and the files that they cover. Is that understanding correct? -- Regards, Roy Bamford (Neddyseagoon) a member of elections gentoo-ops forum-mods
pgp6HmH_FLlOR.pgp
Description: PGP signature