Gentoo Logo
Gentoo Spaceship




Note: Due to technical difficulties, the Archives are currently not up to date. GMANE provides an alternative service for most mailing lists.
c.f. bug 424647
List Archive: gentoo-dev
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Headers:
To: gentoo-dev@g.o
From: Denis Dupeyron <calchan@g.o>
Subject: Re: GLEP59 - Manifest2 hashes
Date: Mon, 1 Feb 2010 23:06:15 -0700
On Mon, Feb 1, 2010 at 1:23 AM, Doug Goldstein <cardoe@g.o> wrote:
> However, great work on this GLEP, you've put forth some good solid
> research into it.

Agreed. I would suggest to use this series of GLEPs as examples of
what to do for future GLEP writers.

> I do hope that we don't intend on settling on SHA512 as the end all
> solution as well. We should retain a method for bumping the hashing
> algorithm used when the SHA-3 family becomes available.

From the way I understand it the GLEP implies that we can add hashes
at will. But that's a good point, and a one-liner somewhere making it
explicit would be useful. Thus, in "What should be done" I would I
would for example replace
"We should be prepared to add stronger checksums wherever possible,
and to remove those that have been defeated."
with:
"Stronger checksums shall be added as soon as an implementation is
available in Portage. Weak checksums may be removed as long as the
depreciation process is followed (see below)."

And then, in "Checksum depreciation timing" I would prefer that the
description of what needs to be done in the present situation was used
as an example after a more general rule is stated. Something like:
"At least one older algorithm must remain until the new one(s) has
(have) been in stable Portage for minimum one year."
The one year period is debatable, what matters is we have well defined
rules in order to avoid future flamewars.

Denis.


Replies:
Re: GLEP59 - Manifest2 hashes
-- Robin H. Johnson
References:
Tree-signing GLEPs update
-- Robin H. Johnson
GLEP59 - Manifest2 hashes
-- Robin H. Johnson
Re: GLEP59 - Manifest2 hashes
-- Doug Goldstein
Navigation:
Lists: gentoo-dev: < Prev By Thread Next > < Prev By Date Next >
Previous by thread:
Re: GLEP59 - Manifest2 hashes
Next by thread:
Re: GLEP59 - Manifest2 hashes
Previous by date:
Re: Monthly Gentoo Council Reminder for February
Next by date:
dev-db/mysql-community security masking, users must move to dev-db/mysql


Updated Jun 29, 2012

Summary: Archive of the gentoo-dev mailing list.

Donate to support our development efforts.

Copyright 2001-2013 Gentoo Foundation, Inc. Questions, Comments? Contact us.