On Sun, Jul 8, 2018 at 9:02 AM Kristian Fiskerstrand <k...@gentoo.org> wrote: > > On 07/08/2018 08:53 AM, Michał Górny wrote: > > Is safe git syncing implemented already? If not, maybe finish it first and > > cover both with a single news item. Git is going to be more efficient here, > > so people may want to learn they have an alternative. > > Why complicate things, and increase wait for something that benefits > most users, just to give alternatives to a few using non-default sync > mechanism. Securing git distribution is a whole different ballpark. >
I'll agree that it is different, but we're talking about verification of the HEAD signature by infra, not verification of individual developer keys, which was the topic of the recent thread. Verification is already built-into portage for git syncing (but off by default). The problem is that portage will still checkout the tree if it fails verification. The patch is to do the verification before checking it out so that if it fails the tree is left in a last-known-good state (at least as seen by tools at the filesystem level - the fetched bad commits would still be visible to git). -- Rich
