-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 14/08/15 07:56 AM, Andrew Savchenko wrote: > 2. The question is why manifests are modified for rsync. In git > manifests are thin (only distfiles are there), in rsync they > also contain checksums for ebuilds and files dir content. Do we > really need this? These manifests are not signed now, so of > little use.
There's still plenty of cases where there can be mis-matches that the checksums will catch; just because it's not a be-all-and-end-all security solution doesn't mean it's not valuable for data integrity in general. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iF4EAREIAAYFAlXN/NsACgkQAJxUfCtlWe3BBQD/blYWTRa7WuF+GdGlQ8grxvlk Rdx67cc5Bfvt5qTvuVwBAOf6Ef5f7QUX8jI0vLM6Sn7Gy+CPopxFanqIcgLvMjfr =dea0 -----END PGP SIGNATURE-----
