Rich Freeman wrote:
> emerge --sync works just fine if
> there are uncommitted changes in your repository, whether they are
> indexed or otherwise.
You are right. It seems to be somewhat "random" when git pull
refuses to work and when not. I could not detect a common scheme.
Maybe this has
On Sun, Jul 8, 2018 at 4:28 AM Martin Vaeth wrote:
>
> Rich Freeman wrote:
>
> It's the *history* of the metadata which matters here:
You make a reasonable point here.
> > "The council does not require that ChangeLogs be generated or
> > distributed through the rsync system. It is at the
Rich Freeman wrote:
>> I was speaking about gentoo's git repository, of course
>> (the one which was attacked on github), not about a Frankensteined one
>> with metadata history filling megabytes of disk space unnecessarily.
>> Who has that much disk space to waste?
>
> Doesn't portage create
On Sat, Jul 7, 2018 at 5:29 PM Martin Vaeth wrote:
>
> Rich Freeman wrote:
> > On Sat, Jul 7, 2018 at 1:34 AM Martin Vaeth wrote:
> >>
> >> Biggest issue is that git signature happens by the developer who
> >> last commited which means that in practice you need dozens/hundreds
> >> of keys.
> >
Rich Freeman wrote:
> On Sat, Jul 7, 2018 at 1:51 AM Martin Vaeth wrote:
>> Davyd McColl wrote:
>>
>> > I ask because prior to the GitHub incident, I didn't have signature
>> > verification enabled
>>
>> Currently, it is not practical to change this, see my other posting.
>
> You clearly don't
Rich Freeman wrote:
> On Sat, Jul 7, 2018 at 1:34 AM Martin Vaeth wrote:
>>
>> Biggest issue is that git signature happens by the developer who
>> last commited which means that in practice you need dozens/hundreds
>> of keys.
>
> This is untrue. [...]
> It will, of course, not work on the
On Sat, Jul 7, 2018 at 1:34 AM Martin Vaeth wrote:
>
> Rich Freeman wrote:
> >
> > Biggest issue with git signature verification is that right now it
> > will still do a full pull/checkout before verifying
>
> Biggest issue is that git signature happens by the developer who
> last commited which
On Sat, Jul 7, 2018 at 1:51 AM Martin Vaeth wrote:
>
> Davyd McColl wrote:
>
> > I ask because prior to the GitHub incident, I didn't have signature
> > verification enabled
>
> Currently, it is not practical to change this, see my other posting.
>
You clearly don't understand what it actually
Davyd McColl wrote:
> @Rich: if I understand the process correctly, the same commits are
> pushed to infra and GitHub by the CI bot?
Yes, the repositories are always identical (up to a few seconds delay).
> I ask because prior to the GitHub incident, I didn't have signature
> verification
Rich Freeman wrote:
>
> Biggest issue with git signature verification is that right now it
> will still do a full pull/checkout before verifying
Biggest issue is that git signature happens by the developer who
last commited which means that in practice you need dozens/hundreds
of keys. No
10 matches
Mail list logo
