On Thu, Oct 07, 2010 at 10:17:01AM -0400, James Cloos wrote:
> >>>>> "RHJ" == Robin H Johnson <email@example.com> writes:
> >> Include the signing keyid in the filename to support both allowing
> >> multiple devs to sign a file and an easy indication of who signed it.
> RHJ> You can extract keyid from any signature trivially.
> But if it is not in the filename you cannot have multiple sig files.
This does still bloat the inode count. The variant was to have multiple
signed blocks inside the Manifest file.
> >> Don't stop everything just because /one/ package has a problem.
> RHJ> This is already controllable.
> If you mean --keep-going, that may work sometimes, but never did when I
> really needed it.
"FEATURES=-severe" iirc, but I do agree that more control over signature
validation in FEATURES would be beneficial.
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail : firstname.lastname@example.org
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85