Summary: | gpg: "strict" incorrectly takes priority over "severe" | ||
---|---|---|---|
Product: | Portage Development | Reporter: | Torsten Veller (RETIRED) <tove> |
Component: | Core | Assignee: | Portage team <dev-portage> |
Status: | RESOLVED LATER | ||
Severity: | normal | CC: | sascha-gentoo-bugzilla |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | x86 | ||
OS: | All | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Torsten Veller (RETIRED)
2004-10-25 16:35:21 UTC
Perhaps I'm ignorant, but the documentation on the gpg feature seems to be lacking. Where are we supposed to obtain the official keyring from? The portage sources say dev.gentoo.org/~carpaski/gpg/ but that seems to be outdated. The Manifest Signing Guide is also outdated where it says "portage has no verification support integrated". http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6 After I get a keyring, I'll gladly correct this severe vs. strict issue. :) Portage officially never had verification support as there is no official key policy, that's what the council is (hopefully) going to work on. Also Manifest2 doesn't have any verification support yet for that reason. Closing as the gpg stuff needs a general overhaul. |