Re: [gentoo-dev] News Item: Portage rsync hardlink support

["M. J. Everitt" <m.j.everitt@iee.org>]

[-- Attachment #1.1: Type: text/plain, Size: 1651 bytes --]



On 08/07/18 18:34, Rich Freeman wrote:
> On Sun, Jul 8, 2018 at 9:02 AM Kristian Fiskerstrand <k_f@gentoo.org> wrote:
>> On 07/08/2018 08:53 AM, Michał Górny wrote:
>>> Is safe git syncing implemented already? If not, maybe finish it first and cover both with a single news item. Git is going to be more efficient here, so people may want to learn they have an alternative.
>> Why complicate things, and increase wait for something that benefits
>> most users, just to give alternatives to a few using non-default sync
>> mechanism. Securing git distribution is a whole different ballpark.
>>
> I'll agree that it is different, but we're talking about verification
> of the HEAD signature by infra, not verification of individual
> developer keys, which was the topic of the recent thread.
>
> Verification is already built-into portage for git syncing (but off by
> default).  The problem is that portage will still checkout the tree if
> it fails verification.  The patch is to do the verification before
> checking it out so that if it fails the tree is left in a
> last-known-good state (at least as seen by tools at the filesystem
> level - the fetched bad commits would still be visible to git).
>
Slightly radical thought here, but hear me out ..

Could we use this same functionality to be able to validate the tree
integrity with respect to CI testing? I mean, if the tree is 'broken'
could we have some kind of warning displayed perhaps? Something that
could be toggled (or default Off) would indeed be good, so that
users/devs can choose what level or 'standard' of tree state they're
prepared to accept.


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]