Hi Alec,
On 27.01.2018 22:58, Alec Warner wrote:
> > I noticed that we have 7 packages on Fedora wallpapers with names that
> > only explain themselves to Fedora insiders:
>
> So traditionally we follow upstream package naming. If we aim to
> deviate, I'd prefer we have strong reasons
On 02/01/2018 04:17 AM, Michał Górny wrote:
> Issue an explicit warning if the Manifest timestamp is 24 hours behind
> the system clock. This is meant to detect attacks based on preventing
> the user from upgrading.
> ---
> pym/portage/sync/modules/rsync/rsync.py | 6 ++
> 1 file changed, 6
W dniu czw, 01.02.2018 o godzinie 12∶50 -0800, użytkownik Zac Medico
napisał:
> On 02/01/2018 04:17 AM, Michał Górny wrote:
> > + except Exception as e:
> > + writemsg_level("!!! Manifest
> > verification failed:\n%s\n"
> > +
On 02/01/2018 04:17 AM, Michał Górny wrote:
> + except Exception as e:
> + writemsg_level("!!! Manifest
> verification failed:\n%s\n"
> + % (e,),
> +
On 02/01/2018 12:25 PM, Michał Górny wrote:
> Rename the openpgp_key_path attribute to sync_openpgp_key_path since
> Portage code assumes that attribute name matches config key.
> ---
> pym/portage/repository/config.py| 6 +++---
> pym/portage/sync/modules/rsync/rsync.py | 4 ++--
> 2
Fix sync-openpgp-key-path to be correctly inherited from system
repos.conf and preserved in repo dumps.
Bug: https://bugs.gentoo.org/646314
---
pym/portage/repository/config.py | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/pym/portage/repository/config.py
Rename the openpgp_key_path attribute to sync_openpgp_key_path since
Portage code assumes that attribute name matches config key.
---
pym/portage/repository/config.py| 6 +++---
pym/portage/sync/modules/rsync/rsync.py | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git
---
pym/portage/sync/modules/git/git.py | 100 +---
1 file changed, 69 insertions(+), 31 deletions(-)
diff --git a/pym/portage/sync/modules/git/git.py
b/pym/portage/sync/modules/git/git.py
index 7e5ddf3b5..2b40db0fa 100644
---
Add a new sync-git-verify-commit-signature option (defaulting to false)
that verifies the top commit signature after syncing. The verification
is currently done using built-in git routines.
The verification passes if the signature is good or untrusted.
In the latter case, a warning is printed. In
Issue an explicit warning if the Manifest timestamp is 24 hours behind
the system clock. This is meant to detect attacks based on preventing
the user from upgrading.
---
pym/portage/sync/modules/rsync/rsync.py | 6 ++
1 file changed, 6 insertions(+)
diff --git
Load and update keys early to avoid delaying failures post rsync. Any
failure will prevent verification from happening, and presumably most of
the users will prefer fixing it and trying to sync again. For that case,
it is better to perform the task before actual rsync to avoid
unnecessarily
---
pym/portage/sync/modules/rsync/rsync.py | 66 -
1 file changed, 57 insertions(+), 9 deletions(-)
diff --git a/pym/portage/sync/modules/rsync/rsync.py
b/pym/portage/sync/modules/rsync/rsync.py
index 6b0280032..f6e59e211 100644
---
---
pym/portage/sync/modules/rsync/rsync.py | 11 ++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/pym/portage/sync/modules/rsync/rsync.py
b/pym/portage/sync/modules/rsync/rsync.py
index e2e6d0658..6b0280032 100644
--- a/pym/portage/sync/modules/rsync/rsync.py
+++
Hi,
Here's a batch of patches meant to be merged after the bugfix release.
They replace the calls to "gemato" executable with Python routine calls,
and further improve the security.
The notable improvements are:
1. New shiny e-style output ;-).
2. Manifest signature is always verified, even if
Always verify the Manifest signature if verification is enabled.
Skipping the deep tree verification for unchanged case is reasonable
but we need to make sure the Manifest signature stays valid to catch
the case of the signing key being revoked.
---
pym/portage/sync/modules/rsync/rsync.py | 13
On Thu, 1 Feb 2018 11:55:46 +0100
Andreas Fink wrote:
> Hello,
> I have a question to the patch provided by the package
> app-portage/elt-patches, namely the file as-needed/2.4.3
>
> Here I can see the following being added to ltmain.sh:
> +
Hello,
I have a question to the patch provided by the package
app-portage/elt-patches, namely the file as-needed/2.4.3
Here I can see the following being added to ltmain.sh:
+ -Wl,--as-needed|-Wl,--no-as-needed)
+ deplibs="$deplibs $arg"
+ continue
+ ;;
+
In my
Hi all!
Due to lack of time, I have to drop maintainership of games-engines/love.
There is some user interest in this package, and a version bump is
needed (bug 640802).
Best regards,
Chí-Thanh Christopher Nguyễn
18 matches
Mail list logo