On 01/24/2018 12:35 PM, Michał Górny wrote: > W dniu śro, 24.01.2018 o godzinie 12∶29 -0800, użytkownik Zac Medico > napisał: >> On 01/24/2018 12:56 AM, Michał Górny wrote: >>> Hi, everyone. >>> >>> Since the initial review of my patch lost focus, and lacked sufficient >>> context, here's the plan that I'd like to follow in order to initially >>> integrate gemato with portage and give our users secure checkouts by >>> default. >>> >>> 1. Add postsync hook to Portage git. Eventually, it will be replaced by >>> direct Portage support. >>> >>> 2. Add IUSE=+rsync-verify to portage-9999 that controls installing the >>> hook. This will give users the ability to easily disable it without jumping >>> through cross package hoops. >>> >>> 3. Submit a news item for review that will explain how to initially verify >>> the keys on existing installations. >>> >>> The news item would be published when the hook hits a release. >>> >>> What do you think? If you agree, then I'll start writing the news item. >>> >> >> For the sake of maintaining stable interfaces for users, I feel like we >> should add the repos.conf sync-rsync-verify setting for this is >> up-front. That way, we won't have to train people to use a new interface >> later. Also, eventually we have to do this anyway if we want portage to >> recognize the nature of the failure and react by quarantining the >> repository. > > Do you mean implementing it completely inside sync code without hooks? > I'm all for it. Will submit a patch soon.
Right. -- Thanks, Zac
signature.asc
Description: OpenPGP digital signature