From: Zac Medico <zmedico@gentoo.org>
To: gentoo-dev@lists.gentoo.org, "Aaron W. Swenson" <titanofold@gentoo.org>
Subject: Re: [gentoo-dev] News Item: Portage rsync hardlink support
Date: Sun, 8 Jul 2018 14:59:45 -0700 [thread overview]
Message-ID: <93d09e4b-a3b3-7550-49f5-4d9b134f2a35@gentoo.org> (raw)
In-Reply-To: <A6822997-D0E8-41C6-97BE-54BB458B71B4@gentoo.org>
[-- Attachment #1.1: Type: text/plain, Size: 6553 bytes --]
On 07/08/2018 02:50 PM, Aaron W. Swenson wrote:
> On July 8, 2018 5:38:48 PM EDT, Zac Medico <zmedico@gentoo.org> wrote:
>
> On 07/08/2018 02:18 PM, Michał Górny wrote:
>
> W dniu nie, 08.07.2018 o godzinie 14∶11 -0700, użytkownik Zac Medico
> napisał:
>
> On 07/08/2018 01:18 PM, Zac Medico wrote:
>
> On 07/08/2018 01:08 PM, Michał Górny wrote:
>
> W dniu nie, 08.07.2018 o godzinie 11∶57 -0700,
> użytkownik Zac Medico
> napisał:
>
> On 07/08/2018 11:42 AM, Michał Górny wrote:
>
> W dniu nie, 08.07.2018 o godzinie 11∶04
> -0700, użytkownik Zac Medico
> napisał:
>
> On 07/08/2018 06:56 AM, Michał Górny wrote:
>
> W dniu nie, 08.07.2018 o godzinie
> 15∶02 +0200, użytkownik Kristian
> Fiskerstrand napisał:
>
> On 07/08/2018 08:53 AM, Michał
> Górny wrote:
>
> Is safe git syncing
> implemented already? If not,
> maybe finish it first and
> cover both with a single
> news item. Git is going to
> be more efficient here, so
> people may want to learn
> they have an alternative.
>
>
> Why complicate things, and
> increase wait for something that
> benefits
> most users, just to give
> alternatives to a few using
> non-default sync
> mechanism. Securing git
> distribution is a whole
> different ballpark.
>
>
>
> Let me rephrase. Let's say I'm using
> rsync. This new feature is
> something positive but it breaks my
> use case (for one of the listed
> reasons -- overlayfs, inode use,
> small fs cache). After reading this
> news item, I learn that my only
> option is to disable the new feature.
>
> Now, I would appreciate being told
> that there's an alternate sync method
> that handles secure updates without
> having all those drawbacks.
>
>
> The thing is, the normal git tree
> doesn't even provide pre-generated
> metadata, and I see then gentoo-mirror
> repo that provides metadata does
> not have commits signed with an release key:
>
> https://github.com/gentoo-mirror/gentoo/commits/stable
>
> So I'm really not comfortable
> recommending git to anyone at this point.
>
>
> Wrong twice.
>
> Firstly, the canonical URL is:
>
> https://anongit.gentoo.org/git/repo/sync/gentoo.git
> (https://gitweb.gentoo.org/repo/sync/gentoo.git)
>
> Secondly, the merge commits (i.e. top
> commits that are verified
> by Portage) are signed by dedicated key that
> is part of the infra key
> set. In other words, it works out of the box.
>
>
> Is there any documentation that shows users how
> to migrate to git, and
> what the pros and cons might be? Maybe its
> worthy of its own news item.
>
>
> Maybe. I don't really know, and don't think it's a
> good idea to show 30
> news item of things users might like on every new
> Gentoo install.
>
>
> Well if instructions for setting up git sync and
> associated pros/cons
> are not documented anywhere then I won't advise anyone
> to use it.
>
>
> I've attempted to configure it for myself, and this is what
> it does:
>
> * Using keys from /usr/share/openpgp-keys/gentoo-release.asc
> * Refreshing keys from keyserver ...
> [ ok ]
> * No valid signature found: unable to verify signature
> (missing key?)
>
>
>
> Please report a bug and attach your configuration along with keyring
> version.
>
>
> It works after upgrading to openpgp-keys-gentoo-release-20180706 from
> openpgp-keys-gentoo-release-20180323.
>
>
> Does Portage not call attention to critical updates?
No, but that might be a nice feature. We'd have to introduce some kind
of standard mechanism via PMS or a GLEP.
> It used to make a special statement for a new stable Portage and
> strongly recommended that it be emerged first. It should probably do the
> same for openpgp-keys-gentoo-release.
Sure, but it this case we have a chicken-and-egg problem, because I
needed the latest openpgp-keys-gentoo-release installed but in order to
do that I had to sync, but then verification failed because I didn't
have the latest openpgp-keys-gentoo-release.
--
Thanks,
Zac
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 981 bytes --]
next prev parent reply other threads:[~2018-07-08 21:59 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-07-08 6:08 [gentoo-dev] News Item: Portage rsync hardlink support Zac Medico
2018-07-08 6:53 ` Michał Górny
2018-07-08 7:14 ` Zac Medico
2018-07-08 9:15 ` Michał Górny
2018-07-08 9:21 ` Zac Medico
2018-07-08 9:30 ` M. J. Everitt
2018-07-08 13:02 ` Kristian Fiskerstrand
2018-07-08 13:56 ` Michał Górny
2018-07-08 18:04 ` Zac Medico
2018-07-08 18:42 ` Michał Górny
2018-07-08 18:57 ` Zac Medico
2018-07-08 20:08 ` Michał Górny
2018-07-08 20:18 ` Zac Medico
2018-07-08 21:11 ` Zac Medico
2018-07-08 21:18 ` Michał Górny
2018-07-08 21:38 ` Zac Medico
2018-07-08 21:50 ` Aaron W. Swenson
2018-07-08 21:59 ` Zac Medico [this message]
2018-07-09 5:17 ` Zac Medico
2018-07-09 8:04 ` Kristian Fiskerstrand
2018-07-08 22:00 ` Rich Freeman
2018-07-08 17:34 ` Rich Freeman
2018-07-08 17:43 ` M. J. Everitt
2018-07-08 17:50 ` Kristian Fiskerstrand
2018-07-08 18:10 ` Rich Freeman
2018-07-08 18:31 ` Kristian Fiskerstrand
2018-07-08 19:00 ` Rich Freeman
2018-07-08 9:28 ` Toralf Förster
2018-07-08 9:34 ` Zac Medico
2018-07-08 13:00 ` Kristian Fiskerstrand
2018-07-09 3:21 ` [gentoo-dev] News Item: Portage rsync hardlink support [v2] Zac Medico
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=93d09e4b-a3b3-7550-49f5-4d9b134f2a35@gentoo.org \
--to=zmedico@gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
--cc=titanofold@gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox