Comment 1 Petteri Räty (RETIRED) 2009-10-16 13:03:12 UTC

(In reply to comment #0)
> Steps to reproduce:
> 
> 1. Navigate to
> http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6
> 2. http://dev.gentoo.org/~genone/scripts/portage-gpg-verify.sh is a broken link
> (404)
> 

Portage team: Do we have anything to verify Manifests these days?

Comment 2 Zac Medico 2009-10-16 17:08:17 UTC

(In reply to comment #1)
> Portage team: Do we have anything to verify Manifests these days?

The closest thing that we have is the gpg signature verification that's part of emerge-webrsync. In order to use that, you have to trust key id 
0x7DDAD20D, set PORTAGE_GPG_DIR, and enable FEATURES=webrsync-gpg in /etc/make.conf. There is an example at the top of /usr/sbin/emerge-webrsync for setting up PORTAGE_GPG_DIR with trust for the required key id.

Comment 3 Petteri Räty (RETIRED) 2009-10-16 19:06:47 UTC

(In reply to comment #2)
> 
> The closest thing that we have is the gpg signature verification that's part of
> emerge-webrsync. In order to use that, you have to trust key id 
> 0x7DDAD20D, set PORTAGE_GPG_DIR, and enable FEATURES=webrsync-gpg in
> /etc/make.conf. There is an example at the top of /usr/sbin/emerge-webrsync for
> setting up PORTAGE_GPG_DIR with trust for the required key id.
> 

Doesn't help the handbook page in question. Any suggestions on what to do with 6.b? Just nuke it?

Comment 4 Zac Medico 2009-10-16 19:11:54 UTC

(In reply to comment #3)
> Doesn't help the handbook page in question. Any suggestions on what to do with
> 6.b? Just nuke it?

Yes, remove it, since there's no supported way to verify them at this time.

Comment 5 Petteri Räty (RETIRED) 2009-10-16 19:18:05 UTC

(In reply to comment #4)
> (In reply to comment #3)
> > Doesn't help the handbook page in question. Any suggestions on what to do with
> > 6.b? Just nuke it?
> 
> Yes, remove it, since there's no supported way to verify them at this time.
> 

Nuked.