From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.54) id 1Ek2hr-0002gm-CJ for garchives@archives.gentoo.org; Wed, 07 Dec 2005 17:03:51 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.13.5/8.13.5) with SMTP id jB7H2PWv000582; Wed, 7 Dec 2005 17:02:25 GMT Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.186]) by robin.gentoo.org (8.13.5/8.13.5) with ESMTP id jB7GuFcR018444 for ; Wed, 7 Dec 2005 16:56:15 GMT Received: from [82.83.40.168] (helo=sven.genone.homeip.net) by mrelayeu.kundenserver.de (node=mrelayeu2) with ESMTP (Nemesis), id 0MKwtQ-1Ek2aU3yyf-0001Y6; Wed, 07 Dec 2005 17:56:15 +0100 Date: Wed, 7 Dec 2005 17:57:42 +0100 From: Marius Mauch To: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [GLEP] Manifest2 format Message-ID: <20051207175742.628f9e61@sven.genone.homeip.net> In-Reply-To: <200512071615.55448.pauldv@gentoo.org> References: <20051206170453.6ab10367@sven.genone.homeip.net> <1133912350.3733.17.camel@cocagne.max-t.internal> <20051207040453.06f507ef@sven.genone.homeip.net> <200512071615.55448.pauldv@gentoo.org> Organization: Gentoo X-Mailer: Sylpheed-Claws 2.0.0-rc1 (GTK+ 2.8.8; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; boundary="Sig_NDGVT8up0xfH0xSDk/kEPal"; protocol="application/pgp-signature"; micalg=PGP-SHA1 X-Provags-ID: kundenserver.de abuse@kundenserver.de login:7e6c91d1b14dbccceb2f2166522fa0f6 X-Archives-Salt: 5bfd56dc-caaf-4295-b913-df955aa9b50b X-Archives-Hash: 61ba448f0142b2aaf464e7d8aa0af3a8 --Sig_NDGVT8up0xfH0xSDk/kEPal Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Wed, 7 Dec 2005 16:15:49 +0100 Paul de Vrieze wrote: > On Wednesday 07 December 2005 04:04, Marius Mauch wrote: > > As stated in the GLEP, gpg is outside the scope of this. As for the > > questions, per entry sigs would invert one of the main goals (size > > reduction). And so far I haven't seen any sufficient answer to > > questions I raised on -core and -portage-dev regarding the > > transaction/stacked/fragmented/whatever-you-want-to-call-it Manifest > > signing proposed by Robin, so I'm still quite against it. >=20 > Per entry sigs make no sense in the current design. All ebuilds can > touch all files, and so the complete manifest should be verified. > This means that the whole manifest should be signed. >=20 > Having said that, I would like to argue that this GLEP be implemented > only together with gpg signing the manifest. Doing otherwise would > require another change in the manifest format in a short time. If the > manifest format has optional signing that would also be ok. Just > align the requirements and make manifest2 and the gpg signing of it > compatible. Signing is already implemented and independent of the Manifest format. It's just not yet mandatory due to the missing key policy. Marius --=20 Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better. --Sig_NDGVT8up0xfH0xSDk/kEPal Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFDlxSPWzrL1pM7SNcRAuySAJ9HWVX1yhV8ayBFVOZNYt3SjcQebwCgjFgh jZwuBGD0VBopg9/9uq1N2eE= =RS6I -----END PGP SIGNATURE----- --Sig_NDGVT8up0xfH0xSDk/kEPal-- -- gentoo-dev@gentoo.org mailing list