path: root/man
diff options
authorZac Medico <zmedico@gentoo.org>2020-06-12 16:25:43 -0700
committerZac Medico <zmedico@gentoo.org>2020-06-14 13:37:54 -0700
commitf0206663130c5ed6af7acc8995e4bd2d78cc74fe (patch)
tree13205a4cfc3e75a6e37c674539c178ee745821d6 /man
parentecompress: prefix eqawarn messages with QA Notice (bug 728046) (diff)
repos.conf: add bool sync-openpgp-key-refresh option (bug 661518)
Add a sync-openpgp-key-refresh option that makes it possible to disable key refresh, which may be useful in cases when it is not possible to refresh keys. Key refresh is enabled by default, and if it is disabled then the SyncBase._refresh_keys method will output an ewarn message like this when the --quiet option is not enabled: * Key refresh is disabled via a repos.conf sync-openpgp-key-refresh * setting, and this is a security vulnerability because it prevents * detection of revoked keys! Tested-by: Rick Farina <zerochaos@gentoo.org> Bug: https://bugs.gentoo.org/661518 Signed-off-by: Zac Medico <zmedico@gentoo.org>
Diffstat (limited to 'man')
1 files changed, 8 insertions, 1 deletions
diff --git a/man/portage.5 b/man/portage.5
index 36c871123..136ebaafe 100644
--- a/man/portage.5
+++ b/man/portage.5
@@ -1,4 +1,4 @@
-.TH "PORTAGE" "5" "Apr 2019" "Portage VERSION" "Portage"
+.TH "PORTAGE" "5" "Jun 2020" "Portage VERSION" "Portage"
portage \- the heart of Gentoo
@@ -1125,6 +1125,13 @@ only for protocols supporting cryptographic verification, provided
that the respective verification option is enabled. If unset, the user's
keyring is used.
+.B sync\-openpgp\-key\-refresh = yes
+Enable OpenPGP key(ring) refresh. This option is enabled by default.
+\fBWarning\fR: It is a security vulnerability to disable this option
+because this will prevent detection of revoked keys!
.B sync\-openpgp\-key\-refresh\-retry\-count = 40
Maximum number of times to retry key refresh if it fails. Between each
key refresh attempt, there is an exponential delay with a constant