Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 650072 - 2018-01-30-portage-rsync-verification now provided false information to users
Summary: 2018-01-30-portage-rsync-verification now provided false information to users
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Misc (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
Depends on:
Blocks: 650144 650060
  Show dependency tree
Reported: 2018-03-10 08:24 UTC by Michał Górny
Modified: 2018-05-19 22:18 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2018-03-10 08:24:43 UTC
The news item stated:

> Starting with sys-apps/portage-2.3.21, Portage will verify the Gentoo
> repository after rsync by default.

However, in commit 369f75c043173531d52a4aa6c7ba55e5a8d5b1ac has removed this default from 2.3.24. Now users who read the news item will wrongly believe that their system is secure while it is not.
Comment 1 Zac Medico gentoo-dev 2018-03-10 21:30:08 UTC
In order to resolve this, I've posted a news item for review, and it's currently not rendering in for some reason:

There's a copy available here:
Comment 2 Larry the Git Cow gentoo-dev 2018-03-13 23:06:18 UTC
The bug has been referenced in the following commit(s):

commit 793f55a973790885834aba0e183f5e3a41654ebe
Author:     Zac Medico <>
AuthorDate: 2018-03-10 21:02:18 +0000
Commit:     Zac Medico <>
CommitDate: 2018-03-10 23:10:25 +0000

    2018-03-13-portage-rsync-verification-unstable: Add

 ...3-13-portage-rsync-verification-unstable.en.txt | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)}
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2018-05-19 22:18:32 UTC
mgorny has agreed, via discussion on irc, that the intent of this bug has been met and it can be closed.