On Tue, 29 Jul 2008 20:51:45 +0100 Mike Auty <[EMAIL PROTECTED]> wrote:
> Sorry,
> I lost my notes from when I last looked these over several
> months ago, and only just found them again. I haven't copied this to
> [EMAIL PROTECTED], so let me know if I should do that. I just had a quick
> couple of things I was thinking about, and one of them I figured out
> during my re-read, so it's only really the following...
>
> In this Glep (xx+1), in the section discussing the procedure for
> creating a MetaManifest file, in step 3.3, does that include
> verification of the manifest's signature if it has one? It would seem
> odd to ignore the signature if it's wrong (I'm not sure about the case
> if a signature isn't present). I also don't know how this would then
> be handled (a complete abort, or ignoring the latest changeset to that
> ebuild?).

I don't think that verification at this stage would be a good idea. The only sane way to respond to a failed check would be to either exclude the whole package from the sync (keeping the state from the last run), leading to various problems (what if it's a critical bugfix/security bump, or breaks the deptree of many packages?), or not record the Manifest in the MetaManifest, which hasn't any benefits over relying on the client doing the verification.

Marius