Handbook Talk:PPC/Working/Features

Validated Gentoo repository snapshots
Hey everyone,

Not working according to description
So, I've been trying out validating Gentoo repositories according to the manual, however, this will lead to an error message:

!!! Repository 'gentoo' has sync-type attribute, but is missing sync-uri attribute * The specified repo(s) are missing sync-uri: gentoo ...returning
 * 1) emerge --sync

So I thought of deleting it all together, which works. However, it'll then simply use the preset value in. However it seems to work, at least with my preset, so maybe the section Clear the sync-uri variable is obsolete?

According to this thread at Gentoo Forums it seems to be the case.

--Pygospa (talk) 08:55, 3 August 2017 (UTC)


 * The problem mentioned in "Not working according to description" is the well known . The workaround is to omit that line.--Charles17 (talk) 10:11, 3 August 2017 (UTC)


 * And for the time until is fixed, Gentoo handbook should propose the ugly workaround instead of settings which are correct but due to the bug don't work!--Charles17 (talk) 11:03, 3 August 2017 (UTC)


 * I think so, too. I would just remove that file block all together, as removing the whole line in  would just make emerge use the settings in , which in most cases would be the same anyways. However, I don't seem to have the rights to edit that page. One more thing that just came into my mind:   does not exist by default. According to Project:Portage/Sync it should only exist when making changes anyway, so if a reader never changed anything up to this point, he won't find   and might get frustrated. One should add that as well, once this is working as it should...


 * I don't understand however, why one should bother to take that out anyway. When leaving the line in the config, I do get yet another warning saying that  - however, GPG signatures get checked.--Pygospa (talk) 09:05, 4 August 2017 (UTC)

--Charles17 (talk) 11:21, 4 August 2017 (UTC)
 * See

Good idea to fully trust fingerprints from a website?
Another thing I was wondering is: Is it really a good idea to fully trust a fingerprint from a website?

As far as my understanding of Web-of-Trust goes, I should only trust keys where I have personally verified the fingerprint, e.g. by calling the owner, or meeting up and checking if the fingerprint I got from the web is identical to the one the owner has on his computer, with the attack scenario being that someone managed to temper with the website listing the fingerprints.

--Pygospa (talk) 08:55, 3 August 2017 (UTC)