I had a great time at this, i'm no gentoo dev but from the pictures the
gentoo-meet-and-greet seemed to do well, too bad i couldnt have been
there. I only went up the first day of the expo and i guess things got
much better the later days.

On Sun, 2005-02-20 at 19:14 -0500, Aron Griffis wrote:
> Brian Harring wrote:	[Sun Feb 20 2005, 05:33:40PM EST]
> > Err... enforcement in terms of forcing devs to sign everything?
> > That is only part of the pie.  Take a _hard_ look at eclasses.
> > Then, take an even _harder_ look at profile bashrc's, and what they
> > technically are capable of, and the fact that all installations use
> > a profile (atm, there isn't a common profile that all inherit from,
> > but at some point it may occur).
> 
> Oh yeah.  I, um, forgot all that ;-)
> 
> > So yeah.  Assuming glep33 is greenlighted (a touch up will be posted
> > in the next few days of it), eclass/elib signing I'll be handling.
> > Profile signing is another beast that's needed, and help would be
> > appreciated (as always, clean patches/discussion of how to do it
> > properly/etc is always welcome).
> > 
> > Beyond that, to save the portage devs sanity from people screaming
> > "SHA1 is broken!" (it's not, just weakened), I'll be looking at
> > centralizing, and making the digest code a bit more pluggable-
> > basically do a handler setup, mapping a CHF to a function... 
> 
> Cool, thanks for the reminder/update on these issues.  Regarding
> profile signing... how about putting a (signed) manifest in each
> directory under portage/profiles?  Only stuff in the immediate
> directory would be included, not the subdirs.
> 
> Regards,
> Aron
> 
> --
> Aron Griffis
> Gentoo Linux Developer
>