| 1 |
On Wed, Apr 6, 2022 at 1:29 PM Jason A. Donenfeld <zx2c4@g.o> wrote: |
| 2 |
> |
| 3 |
> Sort of. The security between infra and users relies on SHA2-512. The |
| 4 |
> security between devs and infra relies on SHA-1. I guess the "full |
| 5 |
> system" depends on both, but I've been focused on the more likely |
| 6 |
> issue of a community-run mirror serving bogus files. |
| 7 |
|
| 8 |
Well, that depends on how you're syncing the tree. If you're using |
| 9 |
rsync then there is a signed manifest in the root, so I agree in that |
| 10 |
case it is just SHA2-512. If you're syncing using git then the |
| 11 |
manifests only reference distfiles, and the only link between the |
| 12 |
commit and the tree/objects are their SHA-1 hashes until git adopts a |
| 13 |
different hash function. |
| 14 |
|
| 15 |
> Yea I see this argument, but I don't quite buy it. Maintaining two |
| 16 |
> sets of hashes for the unlikely event that one gets broken AND we |
| 17 |
> absolutely cannot incrementally transition gradually to an unbroken |
| 18 |
> one seems rather overblown. |
| 19 |
|
| 20 |
It is very much a hand-waving judgement call. This is one of those |
| 21 |
low cost, low risk, high reward situations IMO. The cost of |
| 22 |
calculating hashes is fairly low (especially if done in a more sane |
| 23 |
way). The odds it will ever have a benefit are low. If it does have |
| 24 |
a benefit, it will be in a situation where the world is on fire and |
| 25 |
we'll be very happy to not have to go verify a gazillion distfiles on |
| 26 |
top of everything else we have to fix. I'll defer to those wiser than |
| 27 |
me to make the call. :) |
| 28 |
|
| 29 |
-- |
| 30 |
Rich |
Archives