Hi,

Here's a batch of patches meant to be merged after the bugfix release.
They replace the calls to "gemato" executable with Python routine calls,
and further improve the security.

The notable improvements are:

1. New shiny e-style output ;-).

2. Manifest signature is always verified, even if the tree is considered
   unchanged. This allows us to detect recent key revocation even
   without having other changes to verify.

3. OpenPGP keys are loaded and updated before rsync. This allows us
   to bail out early, and let the user fix the situation without having
   to do the whole rsync routine multiple times.

4. Manifest timestamp is compared to the local clock, and a warning
   is issued if the tree received is at least 24 hours old. This allows
   us to detect attacks based on preventing the user from upgrading.

--
Best regards,
Michał Górny
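
The freshness check from item 4, as an added example that is not part of the original message or of the patches it describes: it reads the `TIMESTAMP` entry of an already signature-verified Manifest and compares it with the local clock, using the 24-hour threshold stated above. Assumptions: the `TIMESTAMP <ISO 8601 UTC>` line format (taken from GLEP 74), the constructed sample Manifest, the hypothetical function names, and the extra "future" result for a timestamp ahead of the local clock, which the message does not mention.

```python
from datetime import datetime, timedelta, timezone

MAX_AGE = timedelta(hours=24)  # threshold stated in the message

# Constructed sample; the TIMESTAMP line format is assumed to follow GLEP 74.
SAMPLE_MANIFEST = """\
MANIFEST metadata/Manifest.gz 1234 SHA512 00ff
TIMESTAMP 2018-02-01T10:00:00Z
"""


def manifest_timestamp(text):
    """Return the single TIMESTAMP entry as an aware UTC datetime."""
    found = [line.split() for line in text.splitlines()
             if line.startswith("TIMESTAMP ")]
    # A missing, duplicated or malformed entry is an error, not "fresh".
    if len(found) != 1 or len(found[0]) != 2:
        raise ValueError("expected exactly one TIMESTAMP entry")
    ts = datetime.strptime(found[0][1], "%Y-%m-%dT%H:%M:%SZ")
    return ts.replace(tzinfo=timezone.utc)


def check_freshness(text, now=None, max_age=MAX_AGE):
    """Classify the tree as 'fresh', 'stale' or 'future' against the clock.

    Call this only after the Manifest signature has been verified; an
    unauthenticated timestamp proves nothing about the tree's age.
    """
    now = now or datetime.now(timezone.utc)
    age = now - manifest_timestamp(text)
    if age < timedelta(0):
        return "future", age  # local clock is behind, or the timestamp is wrong
    if age >= max_age:
        return "stale", age   # at least 24 hours old: warn the user
    return "fresh", age


if __name__ == "__main__":
    status, age = check_freshness(SAMPLE_MANIFEST)
    print(f"tree is {status} (age {age})")
```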

