On 07/08/2018 06:56 AM, Michał Górny wrote: > W dniu nie, 08.07.2018 o godzinie 15∶02 +0200, użytkownik Kristian > Fiskerstrand napisał: >> On 07/08/2018 08:53 AM, Michał Górny wrote: >>> Is safe git syncing implemented already? If not, maybe finish it first and >>> cover both with a single news item. Git is going to be more efficient here, >>> so people may want to learn they have an alternative. >> >> Why complicate things, and increase wait for something that benefits >> most users, just to give alternatives to a few using non-default sync >> mechanism. Securing git distribution is a whole different ballpark. >> > > Let me rephrase. Let's say I'm using rsync. This new feature is > something positive but it breaks my use case (for one of the listed > reasons -- overlayfs, inode use, small fs cache). After reading this > news item, I learn that my only option is to disable the new feature. > > Now, I would appreciate being told that there's an alternate sync method > that handles secure updates without having all those drawbacks.
The thing is, the normal git tree doesn't even provide pre-generated metadata, and I see then gentoo-mirror repo that provides metadata does not have commits signed with an release key: https://github.com/gentoo-mirror/gentoo/commits/stable So I'm really not comfortable recommending git to anyone at this point. -- Thanks, Zac
signature.asc
Description: OpenPGP digital signature
