Oh hey. We're in the future. Let's try to commit something to repo/gentoo.git!
So apparently we're signing things with gpg now, so let's read the official documentation. The [1] wiki seems to be the canonical location for such things. Oh dear. The layout is VERY broken. See [2]. Which redirects to [3], which is a duplicate of [4], which has been closed because apparently the persons responsible don't understand how to internet. Since this bug is only about a year old I don't expect any progress soon - but fetching random crap from untrusted hosts is not a sane option. Especially since there is already a webserver, which is also trusted, so I'm confused why we're still having this conversation. But hey, let's blindly fetch CSS from unknown, just to notice that this 'theme' needs JavaScript to display properly. Because reasons. Why would I want to blindly execute code when reading the text of a wiki? Because, reasons. Because, future! Sigh. I'll just live with the breakage then. But anyway, we find [5] the right document, and ... hit [6]. Can't install, bug is over half a year old, so I have to consider upstream dead. But we can easily patch the ebuild and somehow install app-crypt/gkeys. Well, we can install it, but won't be able to use it because [7][8] it's TOFU. Totally Fine and Usable! Nothing some random stabbing won't fix, eh, but now we're an hour in just trying to get dependencies of dependencies installed. Sigh. Now that gkeys is out of the way, let's try to use gkeys-gen! [9][10][11] Nope. Nope nope, you don't get to play! So there's no way to actually *use* this software in the default config (how was this ever released?!), and upstream has not fixed any of these issues in almost a year. This parrot is an ex-parrot! Let's capitulate, err, repudiate. Wait, wrong word. Recapitulate! That's it. Let's recapitulate: The official docs are running on an unmaintained broken platform. If you manage to read them they are wrong. And the software to use has been abandoned a year ago, but is still suggested as default in the docs. Since signing is mandatory since the git migration, ahem, this means that no one in the last 5 months(!) actually followed the documentation (because that does NOT work!). I'm almost impressed, but, wow, this is enterprisey. So, what can we do to make this whole story of 'commit (and push) to repo/gentoo.git' make sense? And why do I appear to be the only one to notice this chain of breakage?! [1] http://wiki.gentoo.org [2] https://bugs.gentoo.org/show_bug.cgi?id=559530 [3] https://bugs.gentoo.org/show_bug.cgi?id=547536 [4] https://bugs.gentoo.org/show_bug.cgi?id=536744 [5] https://wiki.gentoo.org/wiki/Project:Gentoo-keys/Generating_GLEP_63_based_OpenPGP_keys [6] https://bugs.gentoo.org/show_bug.cgi?id=550848 [7] https://bugs.gentoo.org/show_bug.cgi?id=536338 [8] https://bugs.gentoo.org/show_bug.cgi?id=557090 [9] https://bugs.gentoo.org/show_bug.cgi?id=567768 [10] https://bugs.gentoo.org/show_bug.cgi?id=566782 [11] https://bugs.gentoo.org/show_bug.cgi?id=536316
