-
The current system theoretically allows for a DIST type file to be recorded
+
The current system theoretically allows for a DIST type file to be recorded
in multiple digest files with different sizes and/or checksums. In such a case
one version of a package would report a checksum violation while another one
would not. This could create confusion and uncertainity among users.
@@ -206,20 +206,20 @@
Right now portage verifies the checksum of every file listed in the Manifest
-before using any file of the package and all DIST files of an ebuild
+before using any file of the package and all DIST files of an ebuild
before using that ebuild. This is unnecessary in many cases:
- During the "depend" phase (when the ebuild metadata is generated) only
-files of type EBUILD are used, so verifying the other types isn't
+files of type EBUILD are used, so verifying the other types isn't
necessary. Theoretically it is possible for an ebuild to include other
-files like those of type AUX at this phase, but that would be a
+files like those of type AUX at this phase, but that would be a
major QA violation and should never occur, so it can be ignored here.
It is also not a security concern as the ebuild is verified before parsing
it, so each manipulation would show up.
-- Generally files of type MISC don't need to be verified as they are
+
- Generally files of type MISC don't need to be verified as they are
only used in very specific situations, aren't executed (just parsed at most)
and don't affect the package build process.
-- Files of type DIST only need to be verified directly after fetching and
+
- Files of type DIST only need to be verified directly after fetching and
before unpacking them (which often will be one step), not every time their
associated ebuild is used.
@@ -233,7 +233,7 @@
- Add support for verification of Manifest2 entries in portage
- Enable generation of Manifest2 entries in addition to the current system
-- Ignore digests during emerge --sync to get the size-benefit clientside.
+
- Ignore digests during emerge --sync to get the size-benefit clientside.
This step may be ommitted if the following steps are expected to follow soon.
- Disable generation of entries for the current system
- Remove all traces of the current system from the tree (serverside)
@@ -305,10 +305,10 @@
like any other checksum. But so far no real benefit (other than a slightly
more modular implementation) for this has been seen while it has several
drawbacks: For once, unlike checksums, the size field is definitely required
-for all DIST files, also it would slightly increase the length of
-each entry by adding a SIZE keyword.
-- removal of the MISC type: It has been suggested to completely drop
-entries of type MISC. This would result in a minor space reduction
+for all DIST files, also it would slightly increase the length of
+each entry by adding a SIZE keyword.
+- removal of the MISC type: It has been suggested to completely drop
+entries of type MISC. This would result in a minor space reduction
(its rather unlikely to free any blocks) but completely remove the ability
to check these files for integrity. While they don't influence portage
or packages directly they can contain viable information for users, so
@@ -375,7 +375,7 @@