On 26 October 2017 23:58:53 CEST, Roy Bamford <neddyseag...@gentoo.org> wrote:
>On 2017.10.26 21:12, Michał Górny wrote:
>> Hi, everyone.
>>
>> After a week of hard work, I'd like to request your comments
>> on the draft of GLEP 74. This GLEP aims to replace the old tree-signing
>> GLEPs 58 and 60 with a superior implementation and more complete
>> specification.
>>
>> The original tree-signing GLEPs were accepted a few years back but they
>> have never been implemented. This specification, on the other hand,
>> comes with a working reference implementation for the verification
>> algorithm. I expect to finish the update/generation part in a few days,
>> then work on additional optimizations (threading, incremental
>> verification, incremental updates).
>>
>> ReST: https://dev.gentoo.org/~mgorny/tmp/glep-0074.rst
>> HTML: https://dev.gentoo.org/~mgorny/tmp/glep-0074.html
>> impl: https://github.com/mgorny/gemato/
>>
>> Full text following for inline comments.
>>
>[snip lots of hard work]
>>
>> --
>> Best regards,
>> Michał Górny
>
>Michał,
>
>Thank you for the hard work.
>
>This GLEP implies that users need to have the entire repository to validate
>and authenticate, if I understand it correctly.
>
>For example
>PORTAGE_RSYNC_EXTRA_OPTS="--exclude=<list_of_<package/categories>"
>will still work but the resulting tree could not be authenticated, as
>the top level signature would fail.
>
>The manifests would still work correctly because they only apply to
>the directory containing them. Pruning the repository at
>rsync time will therefore remove the manifests and the files that they
>cover.
>
>Is that understanding correct?
Yes. We can't technically distinguish intentional package removal by the user
from a malicious third party stripping them. This is something that a package
manager extension might handle, but it doesn't belong in the spec.

--
Best regards,
Michał Górny (by phone)
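The behaviour discussed in this exchange, as an added illustration that is not part of the thread, of GLEP 74 itself, or of the gemato reference implementation: a small Python model of nested Manifests (a simplified subset of the GLEP 74 line format, `<TAG> <path> <size> SHA256 <hex>`, with DATA and MANIFEST entries only) over a constructed two-category repository. Verifying from the top-level Manifest succeeds on the full tree, fails with a "missing" error once a category is pruned the way `--exclude` would, and still succeeds when started from a sub-Manifest that covers only what is left. The tree contents, category names and the `prune` helper are hypothetical; the verifier reports a missing entry identically whether the user excluded it or a third party stripped it, which is the point made in the reply.

```python
"""Simplified nested-Manifest verification (added example, hypothetical data).

Models the GLEP 74 idea that each Manifest covers the files beside it and
delegates to sub-Manifests via MANIFEST entries, so the top-level Manifest
transitively covers the whole tree.
"""
import hashlib
import posixpath


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_manifest(entries):
    """Render Manifest lines as '<TAG> <path> <size> SHA256 <hex>' (subset of GLEP 74)."""
    lines = [f"{tag} {path} {len(data)} SHA256 {sha256_hex(data)}"
             for tag, path, data in entries]
    return ("\n".join(lines) + "\n").encode()


def build_tree():
    """Constructed repository as {relative path: file bytes}; two categories, one package each."""
    tree = {
        "app-misc/foo/foo-1.ebuild": b'EAPI=7\nDESCRIPTION="foo"\n',
        "sys-apps/bar/bar-2.ebuild": b'EAPI=7\nDESCRIPTION="bar"\n',
    }
    for cat, pkg, ebuild in (("app-misc", "foo", "foo-1.ebuild"),
                             ("sys-apps", "bar", "bar-2.ebuild")):
        pkg_dir = f"{cat}/{pkg}"
        # Package-level Manifest covers the files in its own directory.
        tree[f"{pkg_dir}/Manifest"] = make_manifest(
            [("DATA", ebuild, tree[f"{pkg_dir}/{ebuild}"])])
        # Category-level Manifest references the package Manifest below it.
        tree[f"{cat}/Manifest"] = make_manifest(
            [("MANIFEST", f"{pkg}/Manifest", tree[f"{pkg_dir}/Manifest"])])
    # Top-level Manifest: the one that would carry the OpenPGP signature.
    tree["Manifest"] = make_manifest([
        ("MANIFEST", "app-misc/Manifest", tree["app-misc/Manifest"]),
        ("MANIFEST", "sys-apps/Manifest", tree["sys-apps/Manifest"]),
    ])
    return tree


def verify_manifest(tree, manifest_path="Manifest"):
    """Recursively verify; return a list of error strings (empty means all covered files verify)."""
    if manifest_path not in tree:
        return [f"missing: {manifest_path}"]
    errors = []
    base = posixpath.dirname(manifest_path)  # entries are relative to the Manifest's directory
    for line in tree[manifest_path].decode().splitlines():
        if not line.strip():
            continue
        tag, rel, size, algo, digest = line.split()
        path = posixpath.normpath(posixpath.join(base, rel))
        data = tree.get(path)
        if data is None:
            # Same report whether the user excluded it or someone stripped it.
            errors.append(f"missing: {path}")
            continue
        if len(data) != int(size) or algo != "SHA256" or sha256_hex(data) != digest:
            errors.append(f"checksum mismatch: {path}")
            continue
        if tag == "MANIFEST":
            errors.extend(verify_manifest(tree, path))
    return errors


def prune(tree, directory):
    """Simulate rsync --exclude=<directory>: drop every path beneath it, Manifests included."""
    prefix = directory.rstrip("/") + "/"
    return {p: d for p, d in tree.items() if not p.startswith(prefix)}


if __name__ == "__main__":
    full = build_tree()
    print("full tree:", verify_manifest(full) or "OK")
    pruned = prune(full, "sys-apps")
    print("pruned, from top-level Manifest:", verify_manifest(pruned))
    print("pruned, from app-misc/Manifest:", verify_manifest(pruned, "app-misc/Manifest") or "OK")
```

Running it shows the asymmetry Roy describes: the per-directory Manifests of the retained categories still verify on their own, but the signed top-level Manifest cannot, because nothing in the Manifest data itself records why `sys-apps/Manifest` is absent.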