On 08/14/2015 01:56 PM, Andrew Savchenko wrote:
..
>
> 2. The question is why manifests are modified for rsync. In git
> manifests are thin (only distfiles are there), in rsync they also
> contain checksums for ebuilds and files dir content. Do we really
> need this? These manifests are not signed now, so of little use.

They will be OpenPGP signed by a releng key during thickening and
portage will auto-verify it using gkeys once things are in place. As
such checksum for ebuilds and other files certainly needs to be part
of the manifest, otherwise it can open up for malicious alterations of
these files.

--
Kristian Fiskerstrand
Public PGP key 0xE3EDFAE3 at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
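Added example, not part of the original message and not Portage's own code: a minimal checker showing why a thin manifest (DIST entries only) cannot flag an altered ebuild while a thick one (EBUILD and AUX entries too) can. It assumes the Manifest2 line layout `TYPE name size HASH hex ...`, that the Manifest's OpenPGP signature has already been verified separately, and uses a constructed package `foo-1.0`.

```python
import hashlib, tempfile
from pathlib import Path

HASHES = ("SHA256", "SHA512")  # digests this sketch checks; other hash names are skipped

def manifest_line(kind, name, data):
    """Build one Manifest2-style entry: TYPE name size HASH hex [HASH hex ...]."""
    sums = " ".join(f"{h} {hashlib.new(h.lower(), data).hexdigest()}" for h in HASHES)
    return f"{kind} {name} {len(data)} {sums}"

def parse_manifest(text):
    entries = {}
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) >= 5 and fields[0] in ("DIST", "EBUILD", "AUX", "MISC"):
            sums = dict(zip(fields[3::2], fields[4::2]))
            entries[(fields[0], fields[1])] = (int(fields[2]), sums)
    return entries

def verify_package(pkg_dir, manifest_text):
    """Check every file under pkg_dir; return (mismatched, uncovered) path lists."""
    entries, mismatched, uncovered = parse_manifest(manifest_text), [], []
    files = (p for p in Path(pkg_dir).rglob("*") if p.is_file() and p.name != "Manifest")
    for path in sorted(files):
        rel = path.relative_to(pkg_dir).as_posix()
        if rel.startswith("files/"):
            key = ("AUX", rel[len("files/"):])  # AUX names are relative to files/
        else:
            key = ("EBUILD" if rel.endswith(".ebuild") else "MISC", rel)
        if key not in entries:
            uncovered.append(rel)  # no checksum: an alteration cannot be detected
            continue
        size, sums = entries[key]
        data = path.read_bytes()
        if len(data) != size or any(
                hashlib.new(h.lower(), data).hexdigest() != sums[h] for h in HASHES if h in sums):
            mismatched.append(rel)
    return mismatched, uncovered

def demo():
    """Constructed package: alter the ebuild, then verify against both manifest styles."""
    ebuild, patch, dist = b'SRC_URI="http://example.org/foo-1.0.tar.gz"\n', b"--- a\n+++ b\n", b"tarball"
    thin = manifest_line("DIST", "foo-1.0.tar.gz", dist)
    thick = "\n".join([thin, manifest_line("EBUILD", "foo-1.0.ebuild", ebuild),
                       manifest_line("AUX", "fix.patch", patch)])
    with tempfile.TemporaryDirectory() as pkg:
        (Path(pkg) / "files").mkdir()
        (Path(pkg) / "files" / "fix.patch").write_bytes(patch)
        (Path(pkg) / "foo-1.0.ebuild").write_bytes(ebuild.replace(b"example.org", b"mirror.invalid"))
        return verify_package(pkg, thin), verify_package(pkg, thick)
```

With the thin manifest the altered ebuild only shows up as uncovered, exactly as it would if untouched; with the thick manifest it is reported as a mismatch.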