On Monday 16 November 2015 17:21:07 Martin Vaeth wrote:
>cov...@ccs.covici.com <cov...@ccs.covici.com> wrote:
>> I have thinmanifests=true as specified in some news item or post, I
>> think this was a mandatory change some time ago using rsync.
>
>If you really use rsync/webrsync and not git, this is unlikely:
>The file containing this line (metadata/layout.conf) should be
>overridden at every rsync (unless you took special measures,
>but this was certainly never recommended).
>
>> They figured the ebuilds sync anyway so no reason for the
>> manifests to have them.
>
>It is not about syncing but about security (checksums with
>signatures should safe you from MITM and even compromised
>servers). Thin-manifests was only meant for git, because git
>already contains checksums ('though only less secure sha1,
>but that's a different story), so it was decided that no
>duplicate checksums are needed for git.
>For *rsync* the situation is different.Don't forget that in Gentoo all commits are also GPG signed. -- Marc Joliet -- "People who think they know everything really annoy those of us who know we don't" - Bjarne Stroustrup
signature.asc
Description: This is a digitally signed message part.
