Talk:DeveloperWiki:Package signing

From ArchWiki
Jump to navigation Jump to search

Package signing in Gentoo

Ebuild files are signed in Gentoo. In the development repository, all commits are signed by developers, and therefore all files in the repository are covered by signatures. For user distribution, git and rsync are supported. Git combines developer signatures with merge commits with automated signatures (merge commit is always on top, so it's sufficient to verify that one commit). RSync uses a nested tree of Manifests that describe checksums of every file in the repository, and the top Manifest has a cleartext signature.

Relevant documentation:

MGorny (talk) 15:16, 25 January 2019 (UTC)