| 1 |
Hi, |
| 2 |
|
| 3 |
So here's my proposed plan, after considering all the replies. |
| 4 |
|
| 5 |
|
| 6 |
Immediately after accepting |
| 7 |
--------------------------- |
| 8 |
|
| 9 |
a. Revbump Portage to add pyblake2 dep (to ensure BLAKE2 is supported |
| 10 |
on py<3.6) and request stabilizing this version. |
| 11 |
|
| 12 |
b. Create a git update hook that rejects Manifest entries that contain |
| 13 |
SHA512 only, to prevent a bug in current versions of Portage, that |
| 14 |
causes it to skip BLAKE2 when no implementation is installed instead |
| 15 |
of complaining [optional]. |
| 16 |
|
| 17 |
|
| 18 |
Now, let T = day when the new version is stable on amd64. |
| 19 |
|
| 20 |
|
| 21 |
T + 7 days |
| 22 |
---------- |
| 23 |
|
| 24 |
Set: |
| 25 |
|
| 26 |
manifest-hashes = BLAKE2B SHA512 |
| 27 |
manifest-required-hashes = SHA512 |
| 28 |
|
| 29 |
New Manifest entries will use the new hashes but Portage will keep the |
| 30 |
old hash set whenever it would need to refetch old distfiles. |
| 31 |
|
| 32 |
|
| 33 |
|
| 34 |
T + 3 months |
| 35 |
------------ |
| 36 |
|
| 37 |
Set: |
| 38 |
|
| 39 |
manifest-required-hashes = BLAKE2B |
| 40 |
|
| 41 |
Portage will now request updating hashes for all files, including |
| 42 |
old distfiles. We will start proactively updating Manifests here, |
| 43 |
and file bugs for fetch-restricted packages. |
| 44 |
|
| 45 |
|
| 46 |
T + 6 months |
| 47 |
------------ |
| 48 |
|
| 49 |
All Manifests should use the new hashes by this time. The remaining |
| 50 |
fetch-restricted packages should be last-rited. |
| 51 |
|
| 52 |
|
| 53 |
T + 36 months |
| 54 |
------------- |
| 55 |
|
| 56 |
Set: |
| 57 |
|
| 58 |
manifest-hashes = BLAKE2B |
| 59 |
|
| 60 |
Remove SHA512 from all Manifests. |
| 61 |
|
| 62 |
|
| 63 |
-- |
| 64 |
Best regards, |
| 65 |
Michał Górny |
Archives