1 |
-----BEGIN PGP SIGNED MESSAGE----- |
2 |
Hash: SHA1 |
3 |
|
4 |
Tiziano Müller wrote: |
5 |
> Am Montag, den 02.02.2009, 12:34 -0800 schrieb Zac Medico: |
6 |
>> For the digest format, I suggest that we use the leftmost 10 |
7 |
>> hexadecimal digits of the SHA-1 digest. The rationale for limiting |
8 |
>> it to 10 digits (out of 40) is to save space. Due to the avalanche |
9 |
>> effect [2], 10 digits should be sufficient to ensure that problems |
10 |
>> resulting from hash collisions are extremely unlikely. |
11 |
> I'd recommend to prefix the digest with a "{TYPE}" (like for hashed |
12 |
> passwords) to be able to change the digest algorithm as needed |
13 |
> (especially in regards to the current SHA successor competition). |
14 |
> This allows a future package manager which might use SHA-3 for hashing |
15 |
> (once it's released) to still check old digests. Furthermore it would |
16 |
> allow for easier transition and only needs a definition of allowed |
17 |
> hashes instead of a specific one. |
18 |
|
19 |
I like that idea. That way it's not necessary to bump the EAPI in |
20 |
order to change the hash function. So, a typical DIGESTS value might |
21 |
look like this: |
22 |
|
23 |
SHA1 02021be38b a28b191904 3992945426 6ec21b29a3 |
24 |
|
25 |
>> The primary reason to use a digest for cache validation instead of a |
26 |
>> timestamp is that it allows the cache validation mechanism to work |
27 |
>> even if the tree is distributed with a protocol that does not |
28 |
>> preserve timestamps, such as git or subversion. This would make it |
29 |
> Well, usually you don't keep intermediate or generated files in a VCS, |
30 |
> so why the metadata? |
31 |
|
32 |
People who distribute overlays commonly ask if it's possible to |
33 |
distribute metadata cache with the overlay. Using a format that |
34 |
doesn't rely on timestamps will allow them to distribute metadata |
35 |
cache using their existing infrastructure, which is typically git or |
36 |
subversion. In addition to overlays, it would also be useful for |
37 |
forks of the entire gentoo tree, such as the funtoo tree [1]. |
38 |
|
39 |
[1] http://github.com/funtoo/portage/tree/master |
40 |
- -- |
41 |
Thanks, |
42 |
Zac |
43 |
-----BEGIN PGP SIGNATURE----- |
44 |
Version: GnuPG v2.0.9 (GNU/Linux) |
45 |
|
46 |
iEYEARECAAYFAkmOF+UACgkQ/ejvha5XGaPSyQCg7kVF3S1z4G+7pXOrLBB1Pu77 |
47 |
Y5cAnj60bGSww8SLfcqhHmk1voKwm20+ |
48 |
=PmlJ |
49 |
-----END PGP SIGNATURE----- |