On 08/07/18 18:34, Rich Freeman wrote:
> On Sun, Jul 8, 2018 at 9:02 AM Kristian Fiskerstrand <k...@gentoo.org> wrote:
>> On 07/08/2018 08:53 AM, Michał Górny wrote:
>>> Is safe git syncing implemented already? If not, maybe finish it first and
>>> cover both with a single news item. Git is going to be more efficient here,
>>> so people may want to learn they have an alternative.
>> Why complicate things, and increase wait for something that benefits
>> most users, just to give alternatives to a few using non-default sync
>> mechanism. Securing git distribution is a whole different ballpark.
>>
> I'll agree that it is different, but we're talking about verification
> of the HEAD signature by infra, not verification of individual
> developer keys, which was the topic of the recent thread.
>
> Verification is already built-into portage for git syncing (but off by
> default). The problem is that portage will still checkout the tree if
> it fails verification. The patch is to do the verification before
> checking it out so that if it fails the tree is left in a
> last-known-good state (at least as seen by tools at the filesystem
> level - the fetched bad commits would still be visible to git).
>

Slightly radical thought here, but hear me out ..
Could we use this same functionality to be able to validate the tree integrity with respect to CI testing? I mean, if the tree is 'broken' could we have some kind of warning displayed perhaps? Something that could be toggled (or default Off) would indeed be good, so that users/devs can choose what level or 'standard' of tree state they're prepared to accept.
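
The verify-before-checkout ordering described in the quoted text above, as an added example that is not part of the original thread and is not Portage's code: fetch, check the signature on the fetched tip, and only then update the working tree. The helper name `sync_verified`, the demo function and the temporary repositories are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not Portage code. sync_verified is a hypothetical helper.
# Usage: sync_verified REPO_DIR REMOTE BRANCH
# Returns 0 = tip verified and checked out, 1 = verification failed
# (working tree untouched), 2 = fetch failed.
sync_verified() {
    repo=$1 remote=$2 branch=$3
    # Fetch only downloads objects and writes FETCH_HEAD; no files change.
    git -C "$repo" fetch --quiet "$remote" "$branch" || return 2
    # Check the signature on the fetched tip BEFORE any checkout or merge.
    if ! git -C "$repo" verify-commit FETCH_HEAD >/dev/null 2>&1; then
        echo "rejecting $(git -C "$repo" rev-parse FETCH_HEAD):" \
             "no valid signature, staying on $(git -C "$repo" rev-parse HEAD)" >&2
        return 1
    fi
    # Only a verified tip reaches the working tree.
    git -C "$repo" merge --quiet --ff-only FETCH_HEAD
}

# Constructed scenario: upstream gains an unsigned commit after the clone.
# Prints "<exit status> <HEAD unchanged?> <bad commit visible to git?>".
demo_unsigned_tip() {
    tmp=$(mktemp -d) || return 1
    GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.invalid
    GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.invalid
    export GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
    git init --quiet "$tmp/up" 2>/dev/null
    git -C "$tmp/up" -c commit.gpgsign=false commit -q --allow-empty -m good
    git clone --quiet "$tmp/up" "$tmp/local"
    git -C "$tmp/up" -c commit.gpgsign=false commit -q --allow-empty -m unsigned
    before=$(git -C "$tmp/local" rev-parse HEAD)
    br=$(git -C "$tmp/up" symbolic-ref --short HEAD)
    status=0
    sync_verified "$tmp/local" origin "$br" 2>/dev/null || status=$?
    after=$(git -C "$tmp/local" rev-parse HEAD)
    fetched=$(git -C "$tmp/local" rev-parse FETCH_HEAD)
    unchanged=no; [ "$before" = "$after" ] && unchanged=yes
    visible=no
    if [ "$fetched" != "$before" ] &&
       git -C "$tmp/local" cat-file -e "$fetched^{commit}"; then visible=yes; fi
    rm -rf "$tmp"
    echo "$status $unchanged $visible"
}
```

In the constructed scenario the checkout stays on the earlier commit while the rejected commit remains in the object store, matching the "last-known-good at the filesystem level, still visible to git" behaviour described in the thread.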