On 3 October 2010 13:28, Michał Górny <mgo...@gentoo.org> wrote:
> Hello,
>
> I would like to propose a new attempt at Manifest signatures. Instead
> of using a single per-Manifest signature, we would keep separate
> signatures for each of the files, as an additional (optional) hash
> type.
>
>
> Motivation
> ----------
> The current signing approach gives all the responsibility for Manifest
> signature to the developer who committed last update to the ebuild
> directory regardless of the actual commit significance.
>
> Consider the following: Dev A is the primary package maintainer. He/she
> reviewed all the ebuilds and committed a signed Manifest. Then Dev B
> performs a slight cleanup of the ebuild directory. He/she modifies
> metadata.xml a little and/or removes an old ebuild.
>
> The actual ebuilds weren't modified -- yet Dev B has to sign all
> of them once again. Moreover, if Dev B doesn't use Manifest signing,
> the signature from Dev A is lost.

If we make the GPG signatures mandatory at some point of time, that
addresses the second of your concerns. I do not understand why the
first is a problem - could you clarify?

Cheers,
--
Arun Raghavan
http://arunraghavan.net/
(Ford_Prefect | Gentoo) & (arunsr | GNOME)