1 |
Hi, |
2 |
|
3 |
So here's my proposed plan, after considering all the replies. |
4 |
|
5 |
|
6 |
Immediately after accepting |
7 |
--------------------------- |
8 |
|
9 |
a. Revbump Portage to add pyblake2 dep (to ensure BLAKE2 is supported |
10 |
on py<3.6) and request stabilizing this version. |
11 |
|
12 |
b. Create a git update hook that rejects Manifest entries that contain |
13 |
SHA512 only, to prevent a bug in current versions of Portage, that |
14 |
causes it to skip BLAKE2 when no implementation is installed instead |
15 |
of complaining [optional]. |
16 |
|
17 |
|
18 |
Now, let T = day when the new version is stable on amd64. |
19 |
|
20 |
|
21 |
T + 7 days |
22 |
---------- |
23 |
|
24 |
Set: |
25 |
|
26 |
manifest-hashes = BLAKE2B SHA512 |
27 |
manifest-required-hashes = SHA512 |
28 |
|
29 |
New Manifest entries will use the new hashes but Portage will keep the |
30 |
old hash set whenever it would need to refetch old distfiles. |
31 |
|
32 |
|
33 |
|
34 |
T + 3 months |
35 |
------------ |
36 |
|
37 |
Set: |
38 |
|
39 |
manifest-required-hashes = BLAKE2B |
40 |
|
41 |
Portage will now request updating hashes for all files, including |
42 |
old distfiles. We will start proactively updating Manifests here, |
43 |
and file bugs for fetch-restricted packages. |
44 |
|
45 |
|
46 |
T + 6 months |
47 |
------------ |
48 |
|
49 |
All Manifests should use the new hashes by this time. The remaining |
50 |
fetch-restricted packages should be last-rited. |
51 |
|
52 |
|
53 |
T + 36 months |
54 |
------------- |
55 |
|
56 |
Set: |
57 |
|
58 |
manifest-hashes = BLAKE2B |
59 |
|
60 |
Remove SHA512 from all Manifests. |
61 |
|
62 |
|
63 |
-- |
64 |
Best regards, |
65 |
Michał Górny |