From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A6162138239 for ; Sun, 8 Jul 2018 21:59:54 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 6E666E0933; Sun, 8 Jul 2018 21:59:49 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id F0299E091B for ; Sun, 8 Jul 2018 21:59:48 +0000 (UTC) Received: from [192.168.0.30] (ip68-4-233-67.oc.oc.cox.net [68.4.233.67]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: zmedico) by smtp.gentoo.org (Postfix) with ESMTPSA id 235D9335C63; Sun, 8 Jul 2018 21:59:48 +0000 (UTC) Subject: Re: [gentoo-dev] News Item: Portage rsync hardlink support To: gentoo-dev@lists.gentoo.org, "Aaron W. Swenson" References: <7594901D-54AF-4100-A1B8-7CEA2D1CC82D@gentoo.org> <1339caeb-06fc-c28b-2bd1-2186b0d25f5a@gentoo.org> <1531058219.1553.1.camel@gentoo.org> <1531075350.1553.9.camel@gentoo.org> <853058f4-5634-672a-3655-c9a2ece014e7@gentoo.org> <1531080494.10985.0.camel@gentoo.org> <9d259064-4908-0c86-b207-b695ec266bb7@gentoo.org> <1531084701.10985.1.camel@gentoo.org> From: Zac Medico Openpgp: preference=signencrypt Autocrypt: addr=zmedico@gentoo.org; prefer-encrypt=mutual; keydata= xsFNBFs7tmwBEADTzG+IcYtRfTfKryU7sUH7LlV1M+TdaCMfIkY4x6RyHXkaaqYuQ+U9HKn0 +m5FcZsZ1Ojik+We3Tz0F6kDbam6EWzBxmsLb/IHeUEsvsuLzuBQjiD9zzqGocZiPWr+uWJs AdbueS72R7FPXJPDUEPrJ9GdhGFyYARveY9cmdisOwcDOiSFfBjk3/89t4gROn4KUhezVuO9 VS14gVSns1561CJjlB47HkSBu4+FuzrfVygg4xitWAH119Ehw0vJcgkTw4Bqhk01Iw9us80m dFyU8JbJ0CVYe30gYKFFbnXoiT6xLLogKOkv0goPFxaXcMwWM9ei3SjAGVqgN6i8VnO7kquV LwkTe6ntEK0iY+l4qTKuyIOQLpCbWNI0eVwlx5b/pY2pt5TEGWAPMCZGjlidMx0aDcVX4oji 2/xegFAcxALrfOX3kj2FZ9kNAqLZu26AfqtslIqlBEAb5sZwPr351msBIdbaWX2UNw21I478 7eQ7UfohwXQHlXdhc/wop3VDkDzLBnvlK4ozSJI/9T5F/+9yEZvc6DKUWdEfD12o2El5hHan gCUQWDBKqZb1wcekK8KY2tmH8BBQi7k52IWYLJYfJdir/XpGm5SsDpf3zvDcIFXqFHAG7w7b fhriM+6oBOeIO9ew1Xj3swbRhDwdzRUhu7Uqayq1vdvKqGkgcQARAQABzSNaYWNoYXJ5IE1l ZGljbyA8em1lZGljb0BnZW50b28ub3JnPsLBlAQTAQgAPhYhBEdYrNjamv1GpqYECtYQzzch 54rNBQJbO7cRAhsDBQkFo5qABQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJENYQzzch54rN dr8P/0GA7TSMQFmrLPYdhevMmL4i+xWv4nlVqw0WRzJA+4M/Dw6mG/scqm+sQiRzyWgMUwJv EdC3KunW1deE3b2zZROgrTDL2DZiUdj3bhG3TBdnbx189G/DhTvDiW7u5DrOwWGrjFuOBBdR acjjGU5EnWJ0aihjBkkX1AeBFeq2rFD7zOnERGa+yJNWwIlX/PYTgJiixK6+qQFqPXH9xaxw iaE9nShXlbas4CM5q78PwxjLQALSjKHpA3lA0u68hCZZT623RDq2elhVNBTSS2JpAJ+NbU7z JY7129p6vmVLBTeZ52piTjekTKLngIk2TppIc9XoO9344qYdC+1RJhIQRf+QCpMoy6YaKdTV U7rX/+pK9QtngaEIHfiGch5SVGxKxGlIsjONgjWC471KhwAJjKABxNmEcfJvbUKYxEPlJspo 3oG53ki79ymrccMPs54R65CBKr6eF8zKhqjZPozjc32weMMEYwA2dY+GMx4lTn5y7FaG6RAt 2wyb678KTKJi+ITPFAOUzVJhl6S9mk1RVSoqj6nvEgJ26h4Xrrh9FsoFmxUDsakGQv93CrxG 0srAezKH1duSZ//FMq3XP7JHPgw0yGphSTTt6hyE6jRqRxJOJ+/5vlqGSg0K7KBQoWJPwTQs XRfqYOMzQ90dQFdvF2ASZ0Rs/IU3JLh5l7ankxg2zsFNBFs7tmwBEACfZb/EePObKC8tuVFl IMQaTRzm7q5THbwQvbdKdw/31cdYJaZZ7BFgnSBq2CBYDPxcm+TxvvjgNTam8kZGdEpCm3/v P1YdJSoiYbisJubV7JiAOoAmGtaDOVX5thpv28HL17wqK2d5jgqMTLFeT3hyaro5cjGAQlhT NOyfwVkdFMFLjOhGzq7aki4UZ9ieS/IedoyZvOblf79d5PV1xI0mf2w5yoHcfZRv7nwI9XMz nqlgC9/RQP7O+WfCl2pl9gyd0hc3uqUWl0ke9xHvVxlEdORH/f+OzeybYj9r80GkC6MeqiG8 qzuWO0IZZ5Gvzwkq0KgRAefr9Z/4vmyOiVhJrvk1gLp6VEdB54fUO3MG/PcnYiasRJOUwRQQ 1+q25w5i9ooZRk0LQ6oNnWbeVj+Pwn0mzL0/GjkdPsYclxzOLSlRAwkisepVl62L2m+XwXsZ j9DS3vIHEbbfCmKayBuGCXQEpJMmEnGqFLnOzv29cOutm3BnGXcWAg5aJjiV5PKEmr/4g9/E J8lphGnNCRQ2DvUzO1tlHpmT+JvDBwAgo5rfq5wjjeiS578kAgPoitOBzp/z5YM5FXX+shEd i5/ratErb9ysUfr3Z45YV3yM6MHgCpEg8+5k6fM6ey4tRnxXAYdJ4XzaSyML9fsnEg9aVaCP iRl+fuLSuF1QJf7LwwARAQABwsF8BBgBCAAmAhsMFiEER1is2Nqa/UampgQK1hDPNyHnis0F Als7trcFCQHhM8sACgkQ1hDPNyHnis0Wdw/9ERSLUHWjGW+oRJPC80RsSZO+9gbdo6AT8GP0 L3S1M60d/C4Pp9lT7sGvN31Q2h4/i1AGz2vsvjA4RUwuWI/M2F660ZmqbuLA4BbS/gjA+Wrf ZB8TDEoy7k0IO+ga0J6ENgxSOk0w1ZS+LYVrM8r7C73ZckAU2aknGOHvfIdRocpb464/JA+j kP8ENcXA0NVT17Te6K3OxpN3fBsHP7w9zbYaV3Ex3suXhLx0/+xxjLPTfwobEy3kTv5Qqumq Ph7TlXvc/9Ku4GwgAFUscLG5ZhsDULIWsRr0tyum0IYI3lpQnMykZiDCoiq7HETTwJeZPpJk PlVc7Qyy0eqcKyoiqd/ttr5tPwRFWk4OYmqzZFiZZ6sG7Zw68UXKHuhCV1MgXKPqS3M8Q6V+ nGL+ZwLE1GkvqwaPgn7uzJpfO+HzoWn3yxjNvh5plsZbM/kqCTMyByB0LQPZdjkO30GvV6dU wamblYkpytpZ5cmbIRITzsxPkOuWwXkLoz6y664JfH/Te3xVQ2rqZkuDCFrwy5nOqk92w7OY WGqyDOSL4tyCdcsXVoF5HXcHQLTv5WzCQ2MAQUW6zflyirYygTfJ3ds5mk5/J52UKEhIHPzJ Hc26Ubfvo38XuE0FJjb7xoZzCoSTpCVZ2H0f2cJOBLEVN9bnbelNlmp0m6mPAHfDrfsVR/s= Message-ID: <93d09e4b-a3b3-7550-49f5-4d9b134f2a35@gentoo.org> Date: Sun, 8 Jul 2018 14:59:45 -0700 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.2 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="CIZ3HYOO6zYSH4JXfXEu5TF9RNoHCNVqg" X-Archives-Salt: 224ea30d-858d-42f9-819f-0c7dbaf0f149 X-Archives-Hash: d3f878970476c59809cb1f1a7913ca99 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --CIZ3HYOO6zYSH4JXfXEu5TF9RNoHCNVqg Content-Type: multipart/mixed; boundary="S7iVbyTN2EKtMVR3Pr6crn27W4C7oMkcj"; protected-headers="v1" From: Zac Medico To: gentoo-dev@lists.gentoo.org, "Aaron W. Swenson" Message-ID: <93d09e4b-a3b3-7550-49f5-4d9b134f2a35@gentoo.org> Subject: Re: [gentoo-dev] News Item: Portage rsync hardlink support References: <7594901D-54AF-4100-A1B8-7CEA2D1CC82D@gentoo.org> <1339caeb-06fc-c28b-2bd1-2186b0d25f5a@gentoo.org> <1531058219.1553.1.camel@gentoo.org> <1531075350.1553.9.camel@gentoo.org> <853058f4-5634-672a-3655-c9a2ece014e7@gentoo.org> <1531080494.10985.0.camel@gentoo.org> <9d259064-4908-0c86-b207-b695ec266bb7@gentoo.org> <1531084701.10985.1.camel@gentoo.org> In-Reply-To: --S7iVbyTN2EKtMVR3Pr6crn27W4C7oMkcj Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 07/08/2018 02:50 PM, Aaron W. Swenson wrote: > On July 8, 2018 5:38:48 PM EDT, Zac Medico wrote: >=20 > On 07/08/2018 02:18 PM, Micha=C5=82 G=C3=B3rny wrote: >=20 > W dniu nie, 08.07.2018 o godzinie 14=E2=88=B611=E2=80=89-0700, = u=C5=BCytkownik Zac Medico > napisa=C5=82: >=20 > On 07/08/2018 01:18 PM, Zac Medico wrote: >=20 > On 07/08/2018 01:08 PM, Micha=C5=82 G=C3=B3rny wrote: >=20 > W dniu nie, 08.07.2018 o godzinie 11=E2=88=B657=E2=80= =89-0700, > u=C5=BCytkownik Zac Medico > napisa=C5=82: >=20 > On 07/08/2018 11:42 AM, Micha=C5=82 G=C3=B3rny = wrote: >=20 > W dniu nie, 08.07.2018 o godzinie 11=E2=88=B6= 04=E2=80=89 > -0700, u=C5=BCytkownik Zac Medico > napisa=C5=82: >=20 > On 07/08/2018 06:56 AM, Micha=C5=82 G=C3= =B3rny wrote: >=20 > W dniu nie, 08.07.2018 o godzinie > 15=E2=88=B602=E2=80=89+0200, u=C5=BC= ytkownik Kristian > Fiskerstrand napisa=C5=82: >=20 > On 07/08/2018 08:53 AM, Micha=C5= =82 > G=C3=B3rny wrote: >=20 > Is safe git syncing > implemented already? If not= , > maybe finish it first and > cover both with a single > news item. Git is going to > be more efficient here, so > people may want to learn > they have an alternative. >=20 >=20 > Why complicate things, and > increase wait for something tha= t > benefits > most users, just to give > alternatives to a few using > non-default sync > mechanism. Securing git > distribution is a whole > different ballpark. >=20 >=20 >=20 > Let me rephrase. Let's say I'm usin= g > rsync. This new feature is > something positive but it breaks my= > use case (for one of the listed > reasons -- overlayfs, inode use, > small fs cache). After reading this= > news item, I learn that my only > option is to disable the new featur= e. >=20 > Now, I would appreciate being told > that there's an alternate sync meth= od > that handles secure updates without= > having all those drawbacks. >=20 >=20 > The thing is, the normal git tree > doesn't even provide pre-generated > metadata, and I see then gentoo-mirror > repo that provides metadata does > not have commits signed with an release= key: >=20 > https://github.com/gentoo-mirror/gentoo= /commits/stable >=20 > So I'm really not comfortable > recommending git to anyone at this poin= t. >=20 >=20 > Wrong twice. >=20 > Firstly, the canonical URL is: >=20 > https://anongit.gentoo.org/git/repo/sync/ge= ntoo.git > (https://gitweb.gentoo.org/repo/sync/gentoo= =2Egit) >=20 > Secondly, the merge commits (i.e. top > commits that are verified > by Portage) are signed by dedicated key tha= t > is part of the infra key > set. In other words, it works out of the bo= x. >=20 >=20 > Is there any documentation that shows users how= > to migrate to git, and > what the pros and cons might be? Maybe its > worthy of its own news item. >=20 >=20 > Maybe. I don't really know, and don't think it's a > good idea to show 30 > news item of things users might like on every new > Gentoo install. >=20 >=20 > Well if instructions for setting up git sync and > associated pros/cons > are not documented anywhere then I won't advise anyone > to use it. >=20 >=20 > I've attempted to configure it for myself, and this is what= > it does: >=20 > * Using keys from /usr/share/openpgp-keys/gentoo-release.as= c > * Refreshing keys from keyserver ... > [ ok ] > * No valid signature found: unable to verify signature > (missing key?) >=20 >=20 >=20 > Please report a bug and attach your configuration along with ke= yring > version. >=20 >=20 > It works after upgrading to openpgp-keys-gentoo-release-20180706 fr= om > openpgp-keys-gentoo-release-20180323. >=20 >=20 > Does Portage not call attention to critical updates? No, but that might be a nice feature. We'd have to introduce some kind of standard mechanism via PMS or a GLEP. > It used to make a special statement for a new stable Portage and > strongly recommended that it be emerged first. It should probably do th= e > same for openpgp-keys-gentoo-release. Sure, but it this case we have a chicken-and-egg problem, because I needed the latest openpgp-keys-gentoo-release installed but in order to do that I had to sync, but then verification failed because I didn't have the latest openpgp-keys-gentoo-release. --=20 Thanks, Zac --S7iVbyTN2EKtMVR3Pr6crn27W4C7oMkcj-- --CIZ3HYOO6zYSH4JXfXEu5TF9RNoHCNVqg Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQKTBAEBCgB9FiEE8OgXaltWzqgSupCu0HX7jBBKPSAFAltCiVFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEYw RTgxNzZBNUI1NkNFQTgxMkJBOTBBRUQwNzVGQjhDMTA0QTNEMjAACgkQ0HX7jBBK PSBXKhAAvCsIXIVamsAsyhIeu79jRblBpm6a9AQNyKlFH+DHR/DbflGZ2RiIe0+6 ujjZ3pU2omQlIGEHPEk1tPU9L7lUD87T9IRh7Z+bdeN2fvFQ2tdSJ+iAYPqXiM87 bHDDh0nANOsId7l9NZTRrWme2kdErHjhJBC0kWFBp7/jOFAqe0QXp/yds2bhXfX5 GA2rnn0JBLypnUfOSnRujuO6eHiWKncPd+rlDaO+07Ju1JOKAvU5F+/aUGPoUKkz A3EEOCo8QH4ypw7GMbX/YRZT9xTF4ZR1RxN8QrJ3ANoA+boKeZjF3VAJomKPsmMu y9/JyLhInyVW7KA+wAeV2/sadMZxq7DBIbeF7vLhM9YvlAOoR4tg3LAdcs/G1hYp 7kc0PU8xCyIBDQttooiM6r0XTdzVw5bcjqJjE8FZN0NbhHDrZBs+BzamEpsgFdVc sk7YqPI6C40Vc5o+2YkzD/M/tAfYR84ubD0LPEg1s9D6ExDD48FuehX8sndpri7s //3XauGebVa57jWlrbhiKqcYckFVcypxAqUfuQOfe7/7+axk9NgcHqUDmKvyaORl Thcw/K3My9Wm9oDzOUyQPDEocQPFsc/T7VcgZPOiWWl1yEJ8smRaUflqwSolC4CB QlaRSRrfxLdEIX2jExLulKiqS5t7pWaJVneTB2X+NkAPHTETBh0= =8HNw -----END PGP SIGNATURE----- --CIZ3HYOO6zYSH4JXfXEu5TF9RNoHCNVqg--