Re: [gentoo-dev] [GLEP] Manifest2 format
On Mon, 23 Jan 2006 11:27:56 +0100 Marius Mauch [EMAIL PROTECTED] wrote: On Tue, 6 Dec 2005 17:04:53 +0100 Marius Mauch [EMAIL PROTECTED] wrote: Hi, As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html This will NOT be voted upon the next council meeting on thursday ;) Ok, made a few minor corrections, mainly s/SRCURI/DISTFILE/ so people don't get confused about the underscore (and as someone pointed out those entries aren't uris anyway). Ok, updated once more incorporating recent feedback. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. signature.asc Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, 6 Dec 2005 17:04:53 +0100 Marius Mauch [EMAIL PROTECTED] wrote: Hi, As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html This will NOT be voted upon the next council meeting on thursday ;) Ok, made a few minor corrections, mainly s/SRCURI/DISTFILE/ so people don't get confused about the underscore (and as someone pointed out those entries aren't uris anyway). I'd like to get this voted upon the next meeting. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. signature.asc Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html I like it - well done Marius. -- Daniel Black [EMAIL PROTECTED] Gentoo Crypto/PPC/dev-embedded/Forensics/NetMon pgpD3JojbdJir.pgp Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Wednesday 07 December 2005 04:04, Marius Mauch wrote: As stated in the GLEP, gpg is outside the scope of this. As for the questions, per entry sigs would invert one of the main goals (size reduction). And so far I haven't seen any sufficient answer to questions I raised on -core and -portage-dev regarding the transaction/stacked/fragmented/whatever-you-want-to-call-it Manifest signing proposed by Robin, so I'm still quite against it. Per entry sigs make no sense in the current design. All ebuilds can touch all files, and so the complete manifest should be verified. This means that the whole manifest should be signed. Having said that, I would like to argue that this GLEP be implemented only together with gpg signing the manifest. Doing otherwise would require another change in the manifest format in a short time. If the manifest format has optional signing that would also be ok. Just align the requirements and make manifest2 and the gpg signing of it compatible. Paul -- Paul de Vrieze Gentoo Developer Mail: [EMAIL PROTECTED] Homepage: http://www.devrieze.net pgp0ri8AWuBMk.pgp Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Wed, 7 Dec 2005 16:15:49 +0100 Paul de Vrieze [EMAIL PROTECTED] wrote: On Wednesday 07 December 2005 04:04, Marius Mauch wrote: As stated in the GLEP, gpg is outside the scope of this. As for the questions, per entry sigs would invert one of the main goals (size reduction). And so far I haven't seen any sufficient answer to questions I raised on -core and -portage-dev regarding the transaction/stacked/fragmented/whatever-you-want-to-call-it Manifest signing proposed by Robin, so I'm still quite against it. Per entry sigs make no sense in the current design. All ebuilds can touch all files, and so the complete manifest should be verified. This means that the whole manifest should be signed. Having said that, I would like to argue that this GLEP be implemented only together with gpg signing the manifest. Doing otherwise would require another change in the manifest format in a short time. If the manifest format has optional signing that would also be ok. Just align the requirements and make manifest2 and the gpg signing of it compatible. Signing is already implemented and independent of the Manifest format. It's just not yet mandatory due to the missing key policy. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. signature.asc Description: PGP signature
[gentoo-dev] [GLEP] Manifest2 format
Hi, As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html This will NOT be voted upon the next council meeting on thursday ;) Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. signature.asc Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
Marius Mauch wrote: Hi, As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html This will NOT be voted upon the next council meeting on thursday ;) Marius Really great that this has reached us, digest-* files are really annoying from my pov. Greetings to everyone who make this happen. -- F.R. -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] [GLEP] Manifest2 format
You know, I'd actually support a rather more abrupt transition, where we announce that on a particular date all digest files are going to be removed, thereby breaking any version of portage older than portage-x.y.z. Many people would probably miss such a deadline, but assuming that we also publicize how to download and unpack a portage rescue tarball then I would think that the actual pain would be minimal. (Indeed, we could even have a fix-portage.sh script in /usr/portage/scripts that would do the downloading and unpacking, if we wanted to be particularly nice.) Backwards compatibility is nice, but I'd really rather not see good ideas take a year to fully be implemented unless absolutely required. How about instead of letting people use tarballs, we kill the digests for every package except portage and it's deps. That way we will break the system and enforce an upgrade, but we will also give them an easy upgrade route. (I haven't looked at the GLEP so I don't know about manifest compatibility). -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, 6 Dec 2005 17:04:53 +0100 Marius Mauch [EMAIL PROTECTED] wrote: | As promised here the GLEP for Manifest2 support: | http://www.gentoo.org/proj/en/glep/glep-0044.html Any reason for SRCURI over SRC_URI? -- Ciaran McCreesh : Gentoo Developer (I can kill you with my brain) Mail: ciaranm at gentoo.org Web : http://dev.gentoo.org/~ciaranm signature.asc Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, 2005-06-12 at 17:04 +0100, Marius Mauch wrote: As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html I see nothing about GPG in the GLEP.. Would those manifest files be signed like the current ones? Would it be possible to have per-line signing, or something like the stacked signing idea that was proposed last month. If we are going to change the manifest format, might as well do it properly. -- Olivier CrĂȘte [EMAIL PROTECTED] Gentoo Developer -- gentoo-dev@gentoo.org mailing list
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, 6 Dec 2005 22:58:06 + Ciaran McCreesh [EMAIL PROTECTED] wrote: On Tue, 6 Dec 2005 17:04:53 +0100 Marius Mauch [EMAIL PROTECTED] wrote: | As promised here the GLEP for Manifest2 support: | http://www.gentoo.org/proj/en/glep/glep-0044.html Any reason for SRCURI over SRC_URI? Personal preference. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. signature.asc Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, Dec 06, 2005 at 06:39:10PM -0500, Olivier Crete wrote: On Tue, 2005-06-12 at 17:04 +0100, Marius Mauch wrote: As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html I see nothing about GPG in the GLEP.. Would those manifest files be signed like the current ones? Would it be possible to have per-line signing, or something like the stacked signing idea that was proposed last month. If we are going to change the manifest format, might as well do it properly. Scope: It does not expand the scope of it to cover eclasses, profiles or anything else not already covered by the Manifest system, it also doesn't affect the Manifest signing efforts in any way (though the implementations of both might be coupled). I'd like to aim for doing the fragment signing in right into Manifest2 from the start, and I've had discussions with ferringb regarding that. It makes more sense than refitting the existing Manifest code with the new signing. -- Robin Hugh Johnson E-Mail : [EMAIL PROTECTED] GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 pgpH2MAl6XPDD.pgp Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, 06 Dec 2005 18:39:10 -0500 Olivier Crete [EMAIL PROTECTED] wrote: On Tue, 2005-06-12 at 17:04 +0100, Marius Mauch wrote: As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html I see nothing about GPG in the GLEP.. Would those manifest files be signed like the current ones? Would it be possible to have per-line signing, or something like the stacked signing idea that was proposed last month. If we are going to change the manifest format, might as well do it properly. As stated in the GLEP, gpg is outside the scope of this. As for the questions, per entry sigs would invert one of the main goals (size reduction). And so far I haven't seen any sufficient answer to questions I raised on -core and -portage-dev regarding the transaction/stacked/fragmented/whatever-you-want-to-call-it Manifest signing proposed by Robin, so I'm still quite against it. Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. signature.asc Description: PGP signature
Re: [gentoo-dev] [GLEP] Manifest2 format
On Tue, Dec 06, 2005 at 01:39:03PM -0600, Grant Goodyear wrote: Marius Mauch wrote: [Tue Dec 06 2005, 10:04:53AM CST] As promised here the GLEP for Manifest2 support: http://www.gentoo.org/proj/en/glep/glep-0044.html You know, I'd actually support a rather more abrupt transition, where we announce that on a particular date all digest files are going to be removed, thereby breaking any version of portage older than portage-x.y.z. Many people would probably miss such a deadline, but assuming that we also publicize how to download and unpack a portage rescue tarball then I would think that the actual pain would be minimal. ^^^ Haven't been to #gentoo lately have you? :) -- Jon Portnoy avenj/irc.freenode.net -- gentoo-dev@gentoo.org mailing list
