From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-92821-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id AA707138359
	for <garchives@archives.gentoo.org>; Thu,  8 Oct 2020 05:47:30 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id C8A97E0843;
	Thu,  8 Oct 2020 05:47:26 +0000 (UTC)
Received: from asona.a21an.org (asona.a21an.org [IPv6:2a01:7e00::f03c:91ff:fe96:53cb])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 5888BE0823
	for <gentoo-dev@lists.gentoo.org>; Thu,  8 Oct 2020 05:47:26 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by asona.a21an.org (Postfix) with ESMTP id 4C6KwX2W0Cz2pmt
	for <gentoo-dev@lists.gentoo.org>; Thu,  8 Oct 2020 05:47:24 +0000 (UTC)
X-Virus-Scanned: amavisd-new at a21an.org
Received: from asona.a21an.org ([127.0.0.1])
	by localhost (asona.a21an.org [127.0.0.1]) (amavisd-new, port 10026)
	with LMTP id 2iisTq6lWoLR for <gentoo-dev@lists.gentoo.org>;
	Thu,  8 Oct 2020 05:47:23 +0000 (UTC)
Received: from angelfall.a21an.org (unknown [85.99.112.87])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by asona.a21an.org (Postfix) with ESMTPSA id 4C6KwW4KBRz2pmQ
	for <gentoo-dev@lists.gentoo.org>; Thu,  8 Oct 2020 05:47:23 +0000 (UTC)
Date: Thu, 8 Oct 2020 08:47:04 +0300
From: Eray Aslan <eras@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH v2 4/6] app-crypt/openpgp-keys-miniupnp:
 Package keys used by miniupnp upst
Message-ID: <20201008054704.GA16114@angelfall.a21an.org>
References: <20201006121050.106011-1-mgorny@gentoo.org>
 <20201006121050.106011-4-mgorny@gentoo.org>
 <robbat2-20201006T180905-590395944Z@orbis-terrarum.net>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <robbat2-20201006T180905-590395944Z@orbis-terrarum.net>
X-Archives-Salt: 6a3db7fb-f091-4e59-8c24-2559a145859d
X-Archives-Hash: 98a93068ab6102a4d25d0058637986c0

On Tue, Oct 06, 2020 at 06:17:23PM +0000, Robin H. Johnson wrote:
> I'm worried about the proliferation of tiny packages just to convey the
> keys; and how versioning should work if upstream rotates their keys.

That was my initial reaction as well.  The app-crypt/openpgp-keys-* will
potentially double the number of packages in the tree.  We can probably
come up with a better design.

I agree with the need to make it easier for developers to check sigs
before signing the manifest btw.  Thanks for that

-- 
Eray