From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-47945-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1R9MPs-0008CM-SL
	for garchives@archives.gentoo.org; Thu, 29 Sep 2011 19:37:09 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 3FC3121C082;
	Thu, 29 Sep 2011 19:36:58 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 046EE21C051
	for <gentoo-dev@lists.gentoo.org>; Thu, 29 Sep 2011 19:36:22 +0000 (UTC)
Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id 78F7C1B401A
	for <gentoo-dev@lists.gentoo.org>; Thu, 29 Sep 2011 19:36:22 +0000 (UTC)
Received: (qmail 20972 invoked by uid 10000); 29 Sep 2011 19:36:22 -0000
Date: Thu, 29 Sep 2011 19:36:22 +0000
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: Manifest signing
Message-ID: <robbat2-20110929T192830-577785968Z@orbis-terrarum.net>
References: <4E848879.2050100@gentoo.org>
 <20110929150957.GD704@gentoo.org>
 <pan.2011.09.29.19.08.29@cox.net>
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <pan.2011.09.29.19.08.29@cox.net>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: 
X-Archives-Hash: cf9a606b8e0c5eafcf8a4c6753c5bb2c

On Thu, Sep 29, 2011 at 07:08:29PM +0000, Duncan wrote:
> Beyond that, IMO it's now at the "needs a proposal champion to clean it 
> up and present it to the council" stage, at least at the "council 
> declared priority" level for getting the requirements into repoman, the 
> CVS server, and perhaps the PMs (I don't know what stage they're at, 
> possibly all they need is a switch flipped?).
It doesn't need cleaning up. I wrote the tree-signing GLEPs a few years
ago, and those were approved by the council, really they just need
updating to a recent Portage and usage.

They provide better support than just getting every developer to sign
the Manifests, because to do so while eclasses are unsigned is a giant
security hole. MetaManifest in the proposal covers that by getting the
entire tree to a state of being signed.

> Talking about which, at the PM user level, is there a per-repo/overlay 
> switch?  If not, it should strongly be considered.
Yes. See layout.conf/repo.conf. Also controls usage of thin Manifests.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85