Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-28 Thread Eli Schwartz
On 11/28/24 5:35 AM, Ulrich Müller wrote: >> On Wed, 27 Nov 2024, Eli Schwartz wrote: > >> --- /dev/null >> +++ b/eclass/sec-keys.eclass >> @@ -0,0 +1,150 @@ >> +# Copyright 2024 Gentoo Authors >> +# Distributed under the terms of the GNU General Public License v2 >> + >> +# @ECLASS: sec-keys.

Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-28 Thread Ulrich Müller
> On Wed, 27 Nov 2024, Eli Schwartz wrote: > --- /dev/null > +++ b/eclass/sec-keys.eclass > @@ -0,0 +1,150 @@ > +# Copyright 2024 Gentoo Authors > +# Distributed under the terms of the GNU General Public License v2 > + > +# @ECLASS: sec-keys.eclass > +# @MAINTAINER: > +# Eli Schwartz > +# @AU

Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-27 Thread Eli Schwartz
On 11/27/24 4:12 PM, Michał Górny wrote:
> On Wed, 2024-11-27 at 15:30 -0500, Eli Schwartz wrote:
>> The current state of verify-sig support is a bit awkward. We rely on
>> validating distfiles against a known trusted keyring, but creating the
>> known trusted keyring is basically all manual verifi

Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-27 Thread Eli Schwartz
On 11/27/24 4:57 PM, Sam James wrote: > Eli Schwartz writes: >> +# @EXAMPLE: >> +# Example use: >> +# >> +# @CODE >> +# SEC_KEYS_VALIDPGPKEYS=( >> +# '4EC8A4DB7D2E01C00AF36C49E5C587B5E286C65A:jsmith:github' >> +# ) > > Can you expand the example(s) here maybe with some comments in the array > t

Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-27 Thread Sam James
Eli Schwartz writes:
> The current state of verify-sig support is a bit awkward. We rely on
> validating distfiles against a known trusted keyring, but creating the
> known trusted keyring is basically all manual verification. We somehow
> decide an ascii armored key is good enough without any po

Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-27 Thread Sam James
Michał Górny writes:
> On Wed, 2024-11-27 at 15:30 -0500, Eli Schwartz wrote:
>> The current state of verify-sig support is a bit awkward. We rely on
>> validating distfiles against a known trusted keyring, but creating the
>> known trusted keyring is basically all manual verification. We somehow

Re: [gentoo-dev] [PATCH 1/2] sec-keys.eclass: new eclass

2024-11-27 Thread Michał Górny
On Wed, 2024-11-27 at 15:30 -0500, Eli Schwartz wrote:
> The current state of verify-sig support is a bit awkward. We rely on
> validating distfiles against a known trusted keyring, but creating the
> known trusted keyring is basically all manual verification. We somehow
> decide an ascii armored k