Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 68906 - gpg: "strict" incorrectly takes priority over "severe"
Summary: gpg: "strict" incorrectly takes priority over "severe"
Status: RESOLVED LATER
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Core (show other bugs)
Hardware: x86 All
: High normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2004-10-25 16:35 UTC by Torsten Veller (RETIRED)
Modified: 2007-01-10 05:41 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Torsten Veller (RETIRED) gentoo-dev 2004-10-25 16:35:21 UTC
severe needs minimumTrust=TRUSTED
strict requires only MARGINAL.

If both are set: minimumTrust is only MARGINAL, i would have expected TRUSTED.

I think, the order in the if-statement in portage.py (l. 4904 ff) should be "severe, strict" instead of "strict, severe".
Comment 1 Zac Medico gentoo-dev 2006-04-21 17:46:35 UTC
Perhaps I'm ignorant, but the documentation on the gpg feature seems to be lacking.  Where are we supposed to obtain the official keyring from?  The portage sources say dev.gentoo.org/~carpaski/gpg/ but that seems to be outdated.  The Manifest Signing Guide is also outdated where it says "portage has no verification support integrated".

http://www.gentoo.org/proj/en/devrel/handbook/handbook.xml?part=2&chap=6

After I get a keyring, I'll gladly correct this severe vs. strict issue. :)
Comment 2 Marius Mauch (RETIRED) gentoo-dev 2006-04-24 04:52:13 UTC
Portage officially never had verification support as there is no official key policy, that's what the council is (hopefully) going to work on. Also Manifest2 doesn't have any verification support yet for that reason.
Comment 3 Marius Mauch (RETIRED) gentoo-dev 2007-01-10 05:41:21 UTC
Closing as the gpg stuff needs a general overhaul.