From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-44937-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Q2uKi-0001IK-9C
	for garchives@archives.gentoo.org; Thu, 24 Mar 2011 23:52:52 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 2A8111C13E;
	Thu, 24 Mar 2011 23:52:44 +0000 (UTC)
Received: from mail-iw0-f181.google.com (mail-iw0-f181.google.com [209.85.214.181])
	by pigeon.gentoo.org (Postfix) with ESMTP id 825E21C13A
	for <gentoo-dev@lists.gentoo.org>; Thu, 24 Mar 2011 23:52:10 +0000 (UTC)
Received: by iwn2 with SMTP id 2so580034iwn.40
        for <gentoo-dev@lists.gentoo.org>; Thu, 24 Mar 2011 16:52:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=gamma;
        h=domainkey-signature:mime-version:sender:in-reply-to:references:from
         :date:x-google-sender-auth:message-id:subject:to:content-type
         :content-transfer-encoding;
        bh=u3Z/H1KZ9PgOTJL6JYq7W3rZy36u+HblTbcfpezJU3g=;
        b=nSPegX5A134WbmXcfklcXr7YMAOyAj6pg0S69xqL2ECm0yvkFxvwDzjMuBLcxmPgsc
         +K9npWoXLZT+xrz2SVGhC0rFfo2mhyv2QLmzgdcyh+AmuZek1/Ugdrcd51M9B/hJTVr6
         1P2AWddgNq16Q1Q1HLrKjkabxkAr7DUgQ4Yqg=
DomainKey-Signature: a=rsa-sha1; c=nofws;
        d=gmail.com; s=gamma;
        h=mime-version:sender:in-reply-to:references:from:date
         :x-google-sender-auth:message-id:subject:to:content-type
         :content-transfer-encoding;
        b=f5e0bCTqGylKkRbllpPyt1VhcQZsR4/Jgxb2AMR+z0ej3E8bWDlhc33HokL3z8fiDf
         tM3e8F84jKNis6sJZLrFFEJhZGAYzWTDz/MylfnHSyXQ+pFVxKkiUELuzq8hzQBkaZJP
         BQpbdkucSUHYcjfFvkimAmcEeTEvqHsIKKenc=
Received: by 10.42.134.132 with SMTP id l4mr167754ict.13.1301010730104; Thu,
 24 Mar 2011 16:52:10 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Sender: vapierfilter@gmail.com
Received: by 10.231.11.195 with HTTP; Thu, 24 Mar 2011 16:51:50 -0700 (PDT)
In-Reply-To: <4D8BC8E4.1080104@gentoo.org>
References: <AANLkTi=4o69ytUxAVpy-O31AWQv-5p4bEWD2466NWYGx@mail.gmail.com> <4D8BC8E4.1080104@gentoo.org>
From: Mike Frysinger <vapier@gentoo.org>
Date: Thu, 24 Mar 2011 19:51:50 -0400
X-Google-Sender-Auth: LLJD5rAeIfeXAtXV4M9AfclLN9g
Message-ID: <AANLkTikvp7mS26t-cMsth=OU7Ni=4meErZWXLBD=yuwg@mail.gmail.com>
Subject: Re: [gentoo-dev] rejecting unsigned commits
To: gentoo-dev@lists.gentoo.org
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 
X-Archives-Hash: 30bc1c066f73f56eafadbc08224c3b97

On Thu, Mar 24, 2011 at 6:42 PM, R=E9mi Cardona wrote:
> PS, wasn't manifest-signing supposed to become moot once we moved to git?

not in the least.  git only provides SHA1 which is not
cryptographically strong, and we will still be mirroring only the
latest checkout via rsync.  the hashs in git require the entire tree
in order to validate.
-mike