On Sun, May 01, 2011 at 10:08:31PM +0100, Markos Chandras wrote:
> Since most (if not all) of us use the same message on the Changelog
> and on the commit log, it is probably worth the effort of having the rsync
> servers create the Changelogs before populating the portage tree. Having
> the servers do that will also allow us to provide cut down Changelogs
> (let's say keep the last 10 entries) so we can provide a more minimal
> portage tree, size wise. A huge portage tree might not be a problem for
> most of us but it sure is for embedded and all kinds of similar systems.

This opens up a bit of nastiness; either the service would have to re-sign all manifests (which defeats a fair bit of the signing intent), or ChangeLogs would have to be pulled in full from cvs, generated strictly server side (else manifest will have stale chksums for it), and ChangeLog will have to exist outside of all validation.

So... either re-signing everywhere for regen, or having no validation asserted on the ChangeLog, meaning certain men in the middle have a nice area to inject some unfriendly things for anyone who happens to read it.

~harring
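
The trade-off in the reply above, as an added sketch that is not part of the original message or of Gentoo's tooling: a checksum verifier run over a constructed two-file package, first strictly and then with ChangeLog exempted. The one-hash Manifest line shape, the file names and contents, and the `unvalidated` parameter are assumptions for illustration; the developer's signature over the Manifest text is taken as given and not modelled.

```python
import hashlib

def entry(kind, name, data):
    # Simplified line shape (assumption): TYPE name size SHA256 digest
    return f"{kind} {name} {len(data)} SHA256 {hashlib.sha256(data).hexdigest()}"

def verify(manifest, tree, unvalidated=()):
    """Classify every file in `tree` against the developer-signed Manifest text."""
    expected = {}
    for line in manifest.splitlines():
        _kind, name, size, _algo, digest = line.split()
        expected[name] = (int(size), digest)
    status = {}
    for name, data in tree.items():
        if name in unvalidated:
            status[name] = "unchecked"        # exists outside all validation
        elif name not in expected:
            status[name] = "not-in-manifest"
        elif expected[name] == (len(data), hashlib.sha256(data).hexdigest()):
            status[name] = "ok"
        else:
            status[name] = "mismatch"         # stale and tampered look identical
    return status

# Constructed sample tree, as the developer committed and signed it.
DEV_TREE = {
    "foo-1.0.ebuild": b'DESCRIPTION="constructed sample"\n',
    "ChangeLog": b"entry 3\nentry 2\nentry 1\n",
}
MANIFEST = "\n".join([
    entry("EBUILD", "foo-1.0.ebuild", DEV_TREE["foo-1.0.ebuild"]),
    entry("MISC", "ChangeLog", DEV_TREE["ChangeLog"]),
])

def scenarios():
    regenerated = dict(DEV_TREE, ChangeLog=b"entry 3\n")           # server-side cut-down
    in_transit = dict(DEV_TREE, ChangeLog=b"entry 3\nmodified\n")  # changed after the server
    return {
        "dev": verify(MANIFEST, DEV_TREE),
        "regen_strict": verify(MANIFEST, regenerated),
        "regen_exempt": verify(MANIFEST, regenerated, unvalidated={"ChangeLog"}),
        "transit_exempt": verify(MANIFEST, in_transit, unvalidated={"ChangeLog"}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

Under strict checking the regenerated ChangeLog fails against the developer's Manifest, and once it is exempted the client gets the same result for the server's copy and for one altered in transit.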