On 01/24/2018 12:56 AM, Michał Górny wrote:
> Hi, everyone.
>
> Since the initial review of my patch lost focus, and lacked sufficient
> context, here's the plan that I'd like to follow in order to initially
> integrate gemato with portage and give our users secure checkouts by default.
>
> 1. Add postsync hook to Portage git. Eventually, it will be replaced by
> direct Portage support.
>
> 2. Add IUSE=+rsync-verify to portage-9999 that controls installing the hook.
> This will give users the ability to easily disable it without jumping through
> cross package hoops.
>
> 3. Submit a news item for review that will explain how to initially verify
> the keys on existing installations.
>
> The news item would be published when the hook hits a release.
>
> What do you think? If you agree, then I'll start writing the news item.
>

For the sake of maintaining stable interfaces for users, I feel like we
should add the repos.conf sync-rsync-verify setting for this up-front.
That way, we won't have to train people to use a new interface later.

Also, eventually we have to do this anyway if we want portage to
recognize the nature of the failure and react by quarantining the
repository.

--
Thanks,
Zac