W dniu śro, 24.01.2018 o godzinie 12∶29 -0800, użytkownik Zac Medico napisał: > On 01/24/2018 12:56 AM, Michał Górny wrote: > > Hi, everyone. > > > > Since the initial review of my patch lost focus, and lacked sufficient > > context, here's the plan that I'd like to follow in order to initially > > integrate gemato with portage and give our users secure checkouts by > > default. > > > > 1. Add postsync hook to Portage git. Eventually, it will be replaced by > > direct Portage support. > > > > 2. Add IUSE=+rsync-verify to portage-9999 that controls installing the > > hook. This will give users the ability to easily disable it without jumping > > through cross package hoops. > > > > 3. Submit a news item for review that will explain how to initially verify > > the keys on existing installations. > > > > The news item would be published when the hook hits a release. > > > > What do you think? If you agree, then I'll start writing the news item. > > > > For the sake of maintaining stable interfaces for users, I feel like we > should add the repos.conf sync-rsync-verify setting for this is > up-front. That way, we won't have to train people to use a new interface > later. Also, eventually we have to do this anyway if we want portage to > recognize the nature of the failure and react by quarantining the > repository.
Do you mean implementing it completely inside sync code without hooks? I'm all for it. Will submit a patch soon. -- Best regards, Michał Górny
