Steps to reproduce: 1. Navigate to http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6 2. http://dev.gentoo.org/~genone/scripts/portage-gpg-verify.sh is a broken link (404)
(In reply to comment #0) > Steps to reproduce: > > 1. Navigate to > http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6 > 2. http://dev.gentoo.org/~genone/scripts/portage-gpg-verify.sh is a broken link > (404) > Portage team: Do we have anything to verify Manifests these days?
(In reply to comment #1) > Portage team: Do we have anything to verify Manifests these days? The closest thing that we have is the gpg signature verification that's part of emerge-webrsync. In order to use that, you have to trust key id 0x7DDAD20D, set PORTAGE_GPG_DIR, and enable FEATURES=webrsync-gpg in /etc/make.conf. There is an example at the top of /usr/sbin/emerge-webrsync for setting up PORTAGE_GPG_DIR with trust for the required key id.
(In reply to comment #2) > > The closest thing that we have is the gpg signature verification that's part of > emerge-webrsync. In order to use that, you have to trust key id > 0x7DDAD20D, set PORTAGE_GPG_DIR, and enable FEATURES=webrsync-gpg in > /etc/make.conf. There is an example at the top of /usr/sbin/emerge-webrsync for > setting up PORTAGE_GPG_DIR with trust for the required key id. > Doesn't help the handbook page in question. Any suggestions on what to do with 6.b? Just nuke it?
(In reply to comment #3) > Doesn't help the handbook page in question. Any suggestions on what to do with > 6.b? Just nuke it? Yes, remove it, since there's no supported way to verify them at this time.
(In reply to comment #4) > (In reply to comment #3) > > Doesn't help the handbook page in question. Any suggestions on what to do with > > 6.b? Just nuke it? > > Yes, remove it, since there's no supported way to verify them at this time. > Nuked.