List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Mon, Feb 1, 2010 at 1:23 AM, Doug Goldstein <email@example.com> wrote:
> However, great work on this GLEP, you've put forth some good solid
> research into it.
Agreed. I would suggest to use this series of GLEPs as examples of
what to do for future GLEP writers.
> I do hope that we don't intend on settling on SHA512 as the end all
> solution as well. We should retain a method for bumping the hashing
> algorithm used when the SHA-3 family becomes available.
From the way I understand it the GLEP implies that we can add hashes
at will. But that's a good point, and a one-liner somewhere making it
explicit would be useful. Thus, in "What should be done" I would I
would for example replace
"We should be prepared to add stronger checksums wherever possible,
and to remove those that have been defeated."
"Stronger checksums shall be added as soon as an implementation is
available in Portage. Weak checksums may be removed as long as the
depreciation process is followed (see below)."
And then, in "Checksum depreciation timing" I would prefer that the
description of what needs to be done in the present situation was used
as an example after a more general rule is stated. Something like:
"At least one older algorithm must remain until the new one(s) has
(have) been in stable Portage for minimum one year."
The one year period is debatable, what matters is we have well defined
rules in order to avoid future flamewars.