1 |
On Wed, Apr 6, 2022 at 1:29 PM Jason A. Donenfeld <zx2c4@g.o> wrote: |
2 |
> |
3 |
> Sort of. The security between infra and users relies on SHA2-512. The |
4 |
> security between devs and infra relies on SHA-1. I guess the "full |
5 |
> system" depends on both, but I've been focused on the more likely |
6 |
> issue of a community-run mirror serving bogus files. |
7 |
|
8 |
Well, that depends on how you're syncing the tree. If you're using |
9 |
rsync then there is a signed manifest in the root, so I agree in that |
10 |
case it is just SHA2-512. If you're syncing using git then the |
11 |
manifests only reference distfiles, and the only link between the |
12 |
commit and the tree/objects are their SHA-1 hashes until git adopts a |
13 |
different hash function. |
14 |
|
15 |
> Yea I see this argument, but I don't quite buy it. Maintaining two |
16 |
> sets of hashes for the unlikely event that one gets broken AND we |
17 |
> absolutely cannot incrementally transition gradually to an unbroken |
18 |
> one seems rather overblown. |
19 |
|
20 |
It is very much a hand-waving judgement call. This is one of those |
21 |
low cost, low risk, high reward situations IMO. The cost of |
22 |
calculating hashes is fairly low (especially if done in a more sane |
23 |
way). The odds it will ever have a benefit are low. If it does have |
24 |
a benefit, it will be in a situation where the world is on fire and |
25 |
we'll be very happy to not have to go verify a gazillion distfiles on |
26 |
top of everything else we have to fix. I'll defer to those wiser than |
27 |
me to make the call. :) |
28 |
|
29 |
-- |
30 |
Rich |