[gentoo-project] Re: [gentoo-dev] Manifest signing

[gentoo-project] Re: [gentoo-dev] Manifest signing

[Tony "Chainsaw" Vroon]

On 29/09/11 16:02, Anthony G. Basile wrote:
> Is there any chance that we can agree to reject
> unsigned manifests?  Possibly a question for the Council to adjudicate?

I am happy to back a mandatory signing policy for the main gentoo-x86
tree. This is a simple yes or no question that the council can vote on.

Regards,
Tony V.

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Patrick Lauer]

On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
> On 29/09/11 16:02, Anthony G. Basile wrote:
>> Is there any chance that we can agree to reject
>> unsigned manifests?  Possibly a question for the Council to adjudicate?
> 
> I am happy to back a mandatory signing policy for the main gentoo-x86
> tree. This is a simple yes or no question that the council can vote on.

As previously discussed it would be nice to have some basic key policies
in place for that - they can be changed at any later time, but for now
we could agree on basic parameters like, say -

at least 1024bit key length
at least 6 months validity from creation
one or more algorithms (initially DSA signatures and SHA1 hashing)

Otherwise some funny person will use a 4-bit key that expires tomorrow
just to point out the missing details ...


Another point: Currently we do NOT sign eclasses and profiles.
So before such a policy becomes mandatory we need to figure out how to
handle that, otherwise we can't enforce it

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Rich Freeman]

On Thu, Sep 29, 2011 at 11:11 AM, Patrick Lauer <patrick@gentoo.org> wrote:
> Otherwise some funny person will use a 4-bit key that expires tomorrow
> just to point out the missing details ...
>

<div mode=rant>
I think this is becoming a big problem with Gentoo.  There is
something to be said for planning, but I think we have a tendency to
bikeshed things to death before we do ANYTHING.

All because when somebody goes and uses a 4-bit key we feel some kind
of paralysis about taking action.  People that take obvious steps to
skirt policies should simply be disciplined.  I'm not talking about
the guy with an old 512-bit key or whatever, or people that change
after being asked nicely to do so.  When it is obvious that people are
just messing with the distro to prove a point then they are excluding
themselves from the community.

We allow ourselves to be held hostage to anybody who can find a
loophole in the rules, and that just leads to 40 bazillion rules and
refusal to move forward until we have at least 50 rules to start with.
 If a rule is stupid just say it.  If you think a council member who
voted for it is stupid, be polite but call them on it.  What we don't
do is just ignore the rules, or try to end-run them.
</div>

I'd just encourage the council to not wait for the perfect
specification to move forward with this or anything else.  I applaud
efforts like PMS and I think they add value.  However, specs/rules are
a tool to serve the community, and not enslave us.

Why not just keep this simple:
1.  Key >= 1024 bits.
2.  Validity >= 6 months.
3.  Signature readable by stable gpg in tree.

Rich

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Tony "Chainsaw" Vroon]

On 29/09/11 16:11, Patrick Lauer wrote:
> Otherwise some funny person will use a 4-bit key that expires tomorrow
> just to point out the missing details ...

That is a simple case of "don't be a jackass".
I do not feel that it is a productive use of my time to outlegislate
being a jackass in Gentoo.

Regards,
Tony V.

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Anthony G. Basile]

On 09/29/2011 12:09 PM, Tony "Chainsaw" Vroon wrote:
> On 29/09/11 16:11, Patrick Lauer wrote:
>> Otherwise some funny person will use a 4-bit key that expires tomorrow
>> just to point out the missing details ...
> 
> That is a simple case of "don't be a jackass".
> I do not feel that it is a productive use of my time to outlegislate
> being a jackass in Gentoo.
> 
> Regards,
> Tony V.

If I comment on this, I will be bikeshedding ... j/k.

I'd be happy just to see a policy in place saying "we reject unsigned
manifests".  I mention the Council because that's one avenue for gentoo
wide policy.  The other is a GLEP, but I don't think that's necessary
here, or at least not yet.


-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 8040 5A4D 8709 21B1 1A88  33CE 979C AF40 D045 5535
GnuPG ID  : D0455535

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 924 bytes --]

On Thursday, September 29, 2011 12:18:17 Anthony G. Basile wrote:
> On 09/29/2011 12:09 PM, Tony "Chainsaw" Vroon wrote:
> > On 29/09/11 16:11, Patrick Lauer wrote:
> >> Otherwise some funny person will use a 4-bit key that expires tomorrow
> >> just to point out the missing details ...
> > 
> > That is a simple case of "don't be a jackass".
> > I do not feel that it is a productive use of my time to outlegislate
> > being a jackass in Gentoo.
> 
> If I comment on this, I will be bikeshedding ... j/k.
> 
> I'd be happy just to see a policy in place saying "we reject unsigned
> manifests".  I mention the Council because that's one avenue for gentoo
> wide policy.  The other is a GLEP, but I don't think that's necessary
> here, or at least not yet.

the commit hook is waiting on git:
https://bugs.gentoo.org/377233

then you won't need a policy because you can't commit any other way :p
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mr. Aaron W. Swenson]

[-- Attachment #1: Type: text/plain, Size: 1218 bytes --]

On Thu, Sep 29, 2011 at 12:31:03PM -0400, Mike Frysinger wrote:
> On Thursday, September 29, 2011 12:18:17 Anthony G. Basile wrote:
> > On 09/29/2011 12:09 PM, Tony "Chainsaw" Vroon wrote:
> > > On 29/09/11 16:11, Patrick Lauer wrote:
> > >> Otherwise some funny person will use a 4-bit key that expires tomorrow
> > >> just to point out the missing details ...
> > > 
> > > That is a simple case of "don't be a jackass".
> > > I do not feel that it is a productive use of my time to outlegislate
> > > being a jackass in Gentoo.
> > 
> > If I comment on this, I will be bikeshedding ... j/k.
> > 
> > I'd be happy just to see a policy in place saying "we reject unsigned
> > manifests".  I mention the Council because that's one avenue for gentoo
> > wide policy.  The other is a GLEP, but I don't think that's necessary
> > here, or at least not yet.
> 
> the commit hook is waiting on git:
> https://bugs.gentoo.org/377233
> 
> then you won't need a policy because you can't commit any other way :p
> -mike

We don't need to wait for git which is forever on the horizon to enforce
it. There are other solutions to use.

-- 
Mr. Aaron W. Swenson
Pseudonym: TitanOfOld
Gentoo Developer

[-- Attachment #2: Type: application/pgp-signature, Size: 230 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1445 bytes --]

On Thursday, September 29, 2011 12:59:13 Mr. Aaron W. Swenson wrote:
> On Thu, Sep 29, 2011 at 12:31:03PM -0400, Mike Frysinger wrote:
> > On Thursday, September 29, 2011 12:18:17 Anthony G. Basile wrote:
> > > On 09/29/2011 12:09 PM, Tony "Chainsaw" Vroon wrote:
> > > > On 29/09/11 16:11, Patrick Lauer wrote:
> > > >> Otherwise some funny person will use a 4-bit key that expires
> > > >> tomorrow just to point out the missing details ...
> > > > 
> > > > That is a simple case of "don't be a jackass".
> > > > I do not feel that it is a productive use of my time to outlegislate
> > > > being a jackass in Gentoo.
> > > 
> > > If I comment on this, I will be bikeshedding ... j/k.
> > > 
> > > I'd be happy just to see a policy in place saying "we reject unsigned
> > > manifests".  I mention the Council because that's one avenue for gentoo
> > > wide policy.  The other is a GLEP, but I don't think that's necessary
> > > here, or at least not yet.
> > 
> > the commit hook is waiting on git:
> > https://bugs.gentoo.org/377233
> > 
> > then you won't need a policy because you can't commit any other way :p
> 
> We don't need to wait for git which is forever on the horizon to enforce
> it. There are other solutions to use.

there is no technical solution with CVS.  commits are done on a per-file 
basis, so you can't reject an unsigned Manifest since the other files have 
already been committed.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1103 bytes --]

On Thursday, September 29, 2011 11:11:59 Patrick Lauer wrote:
> On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
> > On 29/09/11 16:02, Anthony G. Basile wrote:
> >> Is there any chance that we can agree to reject
> >> unsigned manifests?  Possibly a question for the Council to adjudicate?
> > 
> > I am happy to back a mandatory signing policy for the main gentoo-x86
> > tree. This is a simple yes or no question that the council can vote on.
> 
> As previously discussed it would be nice to have some basic key policies
> in place for that - they can be changed at any later time, but for now
> we could agree on basic parameters like, say -
> 
> at least 1024bit key length
> at least 6 months validity from creation
> one or more algorithms (initially DSA signatures and SHA1 hashing)

there's nothing to decide as it was already outlined long ago in the docs:
http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6

if you want to *refine* that, then that's a different issue.  but the devs 
already have all the info they need to start signing now.
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Anthony G. Basile]

On 09/29/2011 12:23 PM, Mike Frysinger wrote:
> On Thursday, September 29, 2011 11:11:59 Patrick Lauer wrote:
>> On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
>>> On 29/09/11 16:02, Anthony G. Basile wrote:
>>>> Is there any chance that we can agree to reject
>>>> unsigned manifests?  Possibly a question for the Council to adjudicate?
>>> I am happy to back a mandatory signing policy for the main gentoo-x86
>>> tree. This is a simple yes or no question that the council can vote on.
>> As previously discussed it would be nice to have some basic key policies
>> in place for that - they can be changed at any later time, but for now
>> we could agree on basic parameters like, say -
>>
>> at least 1024bit key length
>> at least 6 months validity from creation
>> one or more algorithms (initially DSA signatures and SHA1 hashing)
> there's nothing to decide as it was already outlined long ago in the docs:
> http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6
>
> if you want to *refine* that, then that's a different issue.  but the devs 
> already have all the info they need to start signing now.
> -mike

Thanks I didn't know that had made it to the devmanual.  I drop my
original request.

I guess the next step, if we were to take it, would be to have infra
enforce the policy automatically if a commit comes in which isn't signed.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 8040 5A4D 8709 21B1 1A88  33CE 979C AF40 D045 5535
GnuPG ID  : D0455535

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Anthony G. Basile]

On 09/29/2011 12:36 PM, Anthony G. Basile wrote:
> On 09/29/2011 12:23 PM, Mike Frysinger wrote:
>> On Thursday, September 29, 2011 11:11:59 Patrick Lauer wrote:
>>> On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
>>>> On 29/09/11 16:02, Anthony G. Basile wrote:
>>>>> Is there any chance that we can agree to reject
>>>>> unsigned manifests?  Possibly a question for the Council to adjudicate?
>>>> I am happy to back a mandatory signing policy for the main gentoo-x86
>>>> tree. This is a simple yes or no question that the council can vote on.
>>> As previously discussed it would be nice to have some basic key policies
>>> in place for that - they can be changed at any later time, but for now
>>> we could agree on basic parameters like, say -
>>>
>>> at least 1024bit key length
>>> at least 6 months validity from creation
>>> one or more algorithms (initially DSA signatures and SHA1 hashing)
>> there's nothing to decide as it was already outlined long ago in the docs:
>> http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6
>>
>> if you want to *refine* that, then that's a different issue.  but the devs 
>> already have all the info they need to start signing now.
>> -mike
> Thanks I didn't know that had made it to the devmanual.  I drop my
> original request.
>
> I guess the next step, if we were to take it, would be to have infra
> enforce the policy automatically if a commit comes in which isn't signed.
>
Sorry sent this before getting Mike's email about

https://bugs.gentoo.org/377233

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 8040 5A4D 8709 21B1 1A88  33CE 979C AF40 D045 5535
GnuPG ID  : D0455535

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mr. Aaron W. Swenson]

[-- Attachment #1: Type: text/plain, Size: 2057 bytes --]

On Thu, Sep 29, 2011 at 12:23:08PM -0400, Mike Frysinger wrote:
> On Thursday, September 29, 2011 11:11:59 Patrick Lauer wrote:
> > On 09/29/11 17:04, Tony "Chainsaw" Vroon wrote:
> > > On 29/09/11 16:02, Anthony G. Basile wrote:
> > >> Is there any chance that we can agree to reject
> > >> unsigned manifests?  Possibly a question for the Council to adjudicate?
> > > 
> > > I am happy to back a mandatory signing policy for the main gentoo-x86
> > > tree. This is a simple yes or no question that the council can vote on.
> > 
> > As previously discussed it would be nice to have some basic key policies
> > in place for that - they can be changed at any later time, but for now
> > we could agree on basic parameters like, say -
> > 
> > at least 1024bit key length
> > at least 6 months validity from creation
> > one or more algorithms (initially DSA signatures and SHA1 hashing)
> 
> there's nothing to decide as it was already outlined long ago in the docs:
> http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6
> 
> if you want to *refine* that, then that's a different issue.  but the devs 
> already have all the info they need to start signing now.
> -mike

Well, there's a bit more to it than that. 'repoman' must enforce the usage
of keys or die if it can't. Further, it needs to allow the selection of a
key if it can't determine which to use. I was hit by this last
night. Instead of dying and saying that I chose to sign but it couldn't
determine which secret key to use (I recently generated a new key), it
just disabled FEATURES="sign" and committed anyway.

Also, the Dev Handbook only says 'can', it needs to be changed to
'must'. I'd also drop the bit about expiration. Instead, I'd change it to
read "expires no sooner than 6 months". You know, to give the key a moment
to be recognized by some people, perhaps even marginally trusted by
someone. What really matters is that it is an unexpired, valid key.

-- 
Mr. Aaron W. Swenson
Pseudonym: TitanOfOld
Gentoo Developer

[-- Attachment #2: Type: application/pgp-signature, Size: 230 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 1234 bytes --]

On Thursday, September 29, 2011 12:48:35 Mr. Aaron W. Swenson wrote:
> Well, there's a bit more to it than that. 'repoman' must enforce the usage
> of keys or die if it can't.

there's already bugs open for this.  298605 and 313601.  if you want to 
accelerate things, then chip in and update repoman.

> Also, the Dev Handbook only says 'can', it needs to be changed to
> 'must'.

that is the summary of the article which describes what the page is for, not 
the policy it enforces.

> I'd also drop the bit about expiration. Instead, I'd change it to
> read "expires no sooner than 6 months". You know, to give the key a moment
> to be recognized by some people, perhaps even marginally trusted by
> someone.

i'm fine with extending the length of the key.  i think last time this came 
up, so was everyone else.  the point was more disallowing keys that never 
expire.

but this doesn't stop anyone from signing their manifests today.

> What really matters is that it is an unexpired, valid key.

no, what matters is that the key is unexpired/valid at the time the signature 
was made, and not revoked after that (simply because it expired ... revoking 
because of compromise is obviously OK).
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Mr. Aaron W. Swenson]

[-- Attachment #1: Type: text/plain, Size: 2024 bytes --]

On Thu, Sep 29, 2011 at 01:26:25PM -0400, Mike Frysinger wrote:
> On Thursday, September 29, 2011 12:48:35 Mr. Aaron W. Swenson wrote:
> Well, there's a bit more to it than that. 'repoman' must enforce the
> usage of keys or die if it can't.
> 
> there's already bugs open for this.  298605 and 313601.  if you want to
> accelerate things, then chip in and update repoman.
> 
> > Also, the Dev Handbook only says 'can', it needs to be changed to
> > 'must'.
> 
> that is the summary of the article which describes what the page is for,
> not the policy it enforces.
> 

I guess I'm getting ahead of myself. We keep referencing that page saying
"here's how you should do it", but then we shoot ourselves in the foot
saying that it isn't policy in the next breath.

> > I'd also drop the bit about expiration. Instead, I'd change it to read
> > "expires no sooner than 6 months". You know, to give the key a moment
> > to be recognized by some people, perhaps even marginally trusted by
> > someone.
> 
> i'm fine with extending the length of the key.  i think last time this
> came up, so was everyone else.  the point was more disallowing keys that
> never expire.

I agree with that. The key should have an expiration. (I said something
different to Mr. Vroon not too long ago.) We don't want a trusted key
sticking around forever after a dev leaves us. It should be long enough to
not be an inconvenience. Five years is the general recommendation. I'd say
the average Gentoo Dev lifespan. (Do we even have stats on that?)

> but this doesn't stop anyone from signing their manifests today.

No, it certainly doesn't.

> > What really matters is that it is an unexpired, valid key.
> 
> no, what matters is that the key is unexpired/valid at the time the
> signature was made, and not revoked after that (simply because it
> expired ... revoking because of compromise is obviously OK).

That's what I meant.

-- 
Mr. Aaron W. Swenson
Pseudonym: TitanOfOld
Gentoo Developer

[-- Attachment #2: Type: application/pgp-signature, Size: 230 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Ciaran McCreesh]

[-- Attachment #1: Type: text/plain, Size: 434 bytes --]

On Thu, 29 Sep 2011 17:11:59 +0200
Patrick Lauer <patrick@gentoo.org> wrote:
> Otherwise some funny person will use a 4-bit key that expires tomorrow
> just to point out the missing details ...

Even if you do specify it, you'll still get developers who insist that
specifications are to be ignored and that whatever Portage accepts is
the standard. The solution to that problem isn't a technical one.

-- 
Ciaran McCreesh

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Robin H. Johnson]

On Thu, Sep 29, 2011 at 05:11:59PM +0200, Patrick Lauer wrote:
> Another point: Currently we do NOT sign eclasses and profiles.
> So before such a policy becomes mandatory we need to figure out how to
> handle that, otherwise we can't enforce it
And this is EXACTLY why I wrote the tree-signing GLEPS.

MetaManifest solves the problem over covering the entire tree with
signatures, WITHOUT requiring any specific action from developer.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Markos Chandras]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

On 09/29/11 20:43, Robin H. Johnson wrote:
> On Thu, Sep 29, 2011 at 05:11:59PM +0200, Patrick Lauer wrote:
>> Another point: Currently we do NOT sign eclasses and profiles. So
>> before such a policy becomes mandatory we need to figure out how
>> to handle that, otherwise we can't enforce it
> And this is EXACTLY why I wrote the tree-signing GLEPS.
> 
> MetaManifest solves the problem over covering the entire tree with 
> signatures, WITHOUT requiring any specific action from developer.
> 
Robin,

I presume you are talking about GLEP 58[1] which seems to depend on
GLEP{59,60,61}[2][3][4]. Is that correct? So before we get to
MetaManifest we need to push the implementation for the rest of the
GLEPs forward

[1]http://www.gentoo.org/proj/en/glep/glep-0058.html
[2]http://www.gentoo.org/proj/en/glep/glep-0059.html
[3]http://www.gentoo.org/proj/en/glep/glep-0060.html
[4]http://www.gentoo.org/proj/en/glep/glep-0061.html

- -- 
Regards,
Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)

iQIcBAEBCgAGBQJOhM5nAAoJEPqDWhW0r/LCkksP/R6SPLFxURHhXEXh1uyWBj5/
C3qsYUPywH0P49IEYMLsMj8kmw08+wqIiK1vNljyIBPidltFQM6EFkjDjxo5m5ZV
oC9LgyHuSnIqo8FImh20TDuANhJHLQ4NdTXEYV3uTfV7LziL3t/WdQ+skviVR27Z
mPPPrGPfCUuXIuVVgqvzRDQiPWvaeRuGIKRNMcYEUjiBS4JpF03yPpQ3QQFKVQYp
EL4cryqw7bvTOpJ/AT+wV20N06/bEn1Tru/Qk9tWrEIUsleJzkVDwT31UnforETj
2Z2UY3UBMEoLaJnvmYmMuZBmVXl+xJ5PKhBhEMAC5HaExp7ACzKbhsxtULc2MGAo
y7i6dHLPPClWAGeVjt7XwLnqf/acylLFM5gV2HqL20fJafSeGW+MxMDnK1xRlyc0
4/HJrbUZp58MY0AcGuidNz2yzr6VPG+wydZdsdZrcjjoJmoqS2LC8KJOF6FgP4qP
BQrxgGy1g+F1YM+MBePcrsyLpZgnLrkbacXDg87neNejgfZXMjWPQxqMBS+4y185
t/AI7NShufZcEPztd9dFrieK9xMBJoO6ussUkba5zw00yNSyAXR255vnYK0Onqb6
/aBvCH3Zui1S96MMZ8KLBmubRav+mJrMJ1icQDBFjEgtwMJlILcUap0bJDphS8fp
cNHDLzUNYe6PPAGLEiSf
=EE/a
-----END PGP SIGNATURE-----

Re: [gentoo-project] Re: [gentoo-dev] Manifest signing

[Robin H. Johnson]

On Thu, Sep 29, 2011 at 09:00:39PM +0100, Markos Chandras wrote:
> On 09/29/11 20:43, Robin H. Johnson wrote:
> > On Thu, Sep 29, 2011 at 05:11:59PM +0200, Patrick Lauer wrote:
> >> Another point: Currently we do NOT sign eclasses and profiles. So
> >> before such a policy becomes mandatory we need to figure out how
> >> to handle that, otherwise we can't enforce it
> > And this is EXACTLY why I wrote the tree-signing GLEPS.
> > 
> > MetaManifest solves the problem over covering the entire tree with 
> > signatures, WITHOUT requiring any specific action from developer.
> > 
> Robin,
> 
> I presume you are talking about GLEP 58[1] which seems to depend on
> GLEP{59,60,61}[2][3][4]. Is that correct? So before we get to
> MetaManifest we need to push the implementation for the rest of the
> GLEPs forward
You should also read GLEP57, which describes why BOTH tree & developer
signing are needed.

I sent a prototype patch to the Portage list back when the GLEPs were up
for final review.

Also, I explicitly discussed under the GLEP58 section of "Implementation
Notes" how to go about implementing MetaManifest as soon as possible.
None of GLEP59/60/61 are actually needed to take MetaManifest live, they
just make the implementation of GLEP58 much better (flexible, more
resilient, more compact).

1. GLEP59: Hashes
   This is a very small patch, just changes which hashes Portage uses.
2. GLEP60: Manifest2 filetypes:
   Until GLEP59 is implemented, MetaManifest is generated with Manifest2
   filetype of 'MISC' for all entries. The only downside to this is less
   ability to non-strict verification of MetaManifest.
3. GLEP61: Manifest2 compression
   The MetaManifest is quite big, and can benefit from compression. xz
   has come a long way since GLEP61 was written, so re-running the
   numbers would be useful.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85