Bug 266879 - Gnupg support for portage binhost
Summary: Gnupg support for portage binhost
Status: RESOLVED FIXED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Binary packages support
Hardware: All Linux
Importance: High enhancement
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on: 672672
Blocks: 377365
Reported: 2009-04-20 19:02 UTC by Aniruddha
Modified: 2022-07-19 00:33 UTC

See Also:
Package list:
Runtime testing required: ---


Description Aniruddha 2009-04-20 19:02:33 UTC
Support for gnupg key checking of a binhost's binary packages. Personally I think that the ability to create a secure binhost makes Gentoo truly a meta-distribution, in the sense that you can create your own distribution complete with a secure binary host.

Reproducible: Always
Comment 1 Zac Medico gentoo-dev 2013-08-31 21:07:31 UTC
The easiest thing would be to sign the 'Packages' file, which is like a manifest containing checksums for all the packages.
Comment 2 Rick Farina (Zero_Chaos) gentoo-dev 2013-08-31 21:10:45 UTC
It seems to me that this can easily be accomplished in two steps.

Step one, IFF FEATURES="sign buildpkg" then sign the Packages file in the binhost.  FEATURES=sign already requires things to be set up right, so if it is turned on I believe it is fair to say we can sign things.

Step two, add some way for emerge to verify the signature on the packages file.

These don't have to be completed at the same time, but with how simple step 1 is, I would like to see if anyone cares to implement it.
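The two steps above, written out as an added shell example (not code from this bug, from Rick, or from Portage's eventual implementation): the binhost side builds a `Packages` manifest of checksums and detach-signs it with GnuPG, and the client side refuses the manifest on a bad signature and then checks every listed package against the signed checksum and size. It assumes GnuPG 2.1+ and GNU coreutils on the PATH, a detached `Packages.sig` next to `Packages`, and a simplified CPV/SHA512/SIZE stanza layout; the key, user ID and sample packages are constructed for the demonstration.

```shell
#!/bin/sh
# Sign a binhost 'Packages' manifest with GnuPG and verify it on the client
# before trusting any checksum it lists.  Everything here is constructed:
# an ephemeral keyring, an assumed UID and two fake .tbz2 files.
set -eu

setup_keyring() {            # throw-away keyring so ~/.gnupg is never touched
    export GNUPGHOME="${1:-$(mktemp -d)}"
    mkdir -p "$GNUPGHOME"; chmod 700 "$GNUPGHOME"
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-gen-key 'Binhost Test <binhost@example.invalid>' default default never
}

# Binhost side ("FEATURES=sign buildpkg"): write one stanza per package,
# then detach-sign the whole manifest.  Stanza format is simplified, not
# Portage's real Packages layout.
make_binhost() {
    dir=$1; mkdir -p "$dir/app-misc"
    printf 'not really a tarball\n' > "$dir/app-misc/hello-1.0.tbz2"
    printf 'another fake package\n'  > "$dir/app-misc/world-2.1.tbz2"
    : > "$dir/Packages"
    for cpv in app-misc/hello-1.0 app-misc/world-2.1; do
        f="$dir/$cpv.tbz2"
        printf 'CPV: %s\nSHA512: %s\nSIZE: %s\n\n' "$cpv" \
            "$(sha512sum "$f" | cut -d' ' -f1)" "$(wc -c < "$f" | tr -d ' ')" \
            >> "$dir/Packages"
    done
    gpg --batch --yes --quiet --armor --detach-sign \
        --output "$dir/Packages.sig" "$dir/Packages"
}

# Client side: a bad signature rejects the manifest outright; only then are
# the per-package checksums and sizes trusted.  Returns 1 on any failure so
# a caller can abort the install instead of unpacking a tampered package.
verify_binhost() {
    dir=$1
    gpg --batch --quiet --verify "$dir/Packages.sig" "$dir/Packages" 2>/dev/null \
        || { echo "BAD signature on $dir/Packages"; return 1; }
    entries=$(awk '/^CPV:/{c=$2} /^SHA512:/{s=$2} /^SIZE:/{z=$2}
                   /^$/{if(c!="")print c,s,z; c=""} END{if(c!="")print c,s,z}' "$dir/Packages")
    while read -r cpv sha size; do
        f="$dir/$cpv.tbz2"
        [ -f "$f" ] || { echo "missing package $cpv"; return 1; }
        [ "$(sha512sum "$f" | cut -d' ' -f1)" = "$sha" ] &&
        [ "$(wc -c < "$f" | tr -d ' ')" = "$size" ] ||
            { echo "checksum/size mismatch for $cpv"; return 1; }
    done <<EOF
$entries
EOF
    echo "OK: $dir verified"
}
```

Running `setup_keyring; make_binhost ./binhost; verify_binhost ./binhost` prints `OK`; appending a byte to either `Packages` or one of the `.tbz2` files afterwards makes `verify_binhost` return 1 at the signature or checksum step respectively.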
Comment 3 Rick Farina (Zero_Chaos) gentoo-dev 2013-08-31 21:33:44 UTC
Forgive the brain dump but after conversation in #gentoo-portage I'm adding a step 3: sign all binary packages individually.

While most users will be pulling binaries from a proper repo, some might not, and it would be nice to have a way to sign them.

Additionally, my suggestion to use FEATURES=sign is based on my personal belief that by setting FEATURES=sign I want to sign things and as such it can be extended to automatically signing just about anything appropriate in the name of devving.  That said, some others may believe that FEATURES=sign means "sign the manifest" and that is all it ever should mean, which would mean we need separate features for signing the packages file and signing the individual packages and whatever else we later want to sign for fun (like eclasses).

Personally I feel FEATURES=sign should mean "sign everything possible" because I can't see any use case for "sign some things but not others because I want users to be more secure but not as secure as possible", but there is room for discussion on that point.
Comment 4 Rick Farina (Zero_Chaos) gentoo-dev 2013-11-15 04:45:51 UTC
I said it on irc, I can't unsay it.  $200 if this gets a working implementation in the next 30 days that can be accepted into portage.

It doesn't have to be exactly as I specified, I'm paying for success not getting it my way.

Rules are:  Must be good enough to be accepted into portage, but doesn't necessarily have to be accepted within the time limit.  If portage team causes significant delay in this I will still show consideration for the work accomplished by the author of the patches if at some point the patches are accepted.
Comment 5 Hank Leininger 2017-04-04 20:41:10 UTC
I'll match Zero Chaos's $200.

There's probably a rule against auctioning feature requests in b.g.o.  If so I'll pay another $200 fine to the person(s) who implement this...
Comment 6 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2022-07-19 00:07:21 UTC
(In reply to Hank Leininger from comment #5)
> I'll match Zero Chaos's $200.
> 
> There's probably a rule against auctioning feature requests in b.g.o.  If so
> I'll pay another $200 fine to the person(s) who implement this...

Wish granted!