On Monday, 1 August 2022 10:43:55 BST tastytea wrote: > On 2022-08-01 07:58+0100 Michael <confabul...@kintzios.com> wrote: > > […] > > > > 2. These days rsync uses hashes and gpg to check the integrity of > > portage and will flag up a warning in case of file tampering, or > > corrupt data. As far as I know such a solution doesn't exist with > > git. > > Verification can be turned on with > sync-git-verify-commit-signature = yes > in repos.conf.[1] This does not seem to be enabled by default.[2] > > [1] > <https://wiki.gentoo.org/wiki/Project:Portage/Repository_verification#git> > [2] <https://wiki.gentoo.org/wiki/Portage_Security#git-mirror_repositories>
I see ... this is an improvement from what I recall it to be. Thanks for pointing it out. Perhaps I should start using git again. :-)
signature.asc
Description: This is a digitally signed message part.
