From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-project+bounces-1596-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1R9MWr-0000Zi-Mj
	for garchives@archives.gentoo.org; Thu, 29 Sep 2011 19:44:21 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 99FB821C214;
	Thu, 29 Sep 2011 19:44:02 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 4752B21C209
	for <gentoo-project@lists.gentoo.org>; Thu, 29 Sep 2011 19:43:49 +0000 (UTC)
Received: from grubbs.orbis-terrarum.net (localhost [127.0.0.1])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id BB34B1B400E
	for <gentoo-project@lists.gentoo.org>; Thu, 29 Sep 2011 19:43:48 +0000 (UTC)
Received: (qmail 5170 invoked by uid 10000); 29 Sep 2011 19:43:48 -0000
Date: Thu, 29 Sep 2011 19:43:48 +0000
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-project@lists.gentoo.org
Subject: Re: [gentoo-project] Re: [gentoo-dev] Manifest signing
Message-ID: <robbat2-20110929T194209-257387404Z@orbis-terrarum.net>
References: <4E848879.2050100@gentoo.org>
 <4E848916.7010002@gentoo.org>
 <4E848ABF.7060308@gentoo.org>
Precedence: bulk
List-Post: <mailto:gentoo-project@lists.gentoo.org>
List-Help: <mailto:gentoo-project+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-project+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-project+subscribe@lists.gentoo.org>
List-Id: Gentoo Project discussion list <gentoo-project.gentoo.org>
X-BeenThere: gentoo-project@lists.gentoo.org
Reply-To: gentoo-project@lists.gentoo.org
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <4E848ABF.7060308@gentoo.org>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Archives-Salt: 
X-Archives-Hash: d9439618ff1b63a7f373d0e88c84f6f6

On Thu, Sep 29, 2011 at 05:11:59PM +0200, Patrick Lauer wrote:
> Another point: Currently we do NOT sign eclasses and profiles.
> So before such a policy becomes mandatory we need to figure out how to
> handle that, otherwise we can't enforce it
And this is EXACTLY why I wrote the tree-signing GLEPS.

MetaManifest solves the problem over covering the entire tree with
signatures, WITHOUT requiring any specific action from developer.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85