List Archive: gentoo-dev
Note: Due to technical difficulties, the Archives are currently not up to date.
provides an alternative service for most mailing lists.c.f. bug 424647
On Thursday 21 September 2006 10:00, Brian Harring wrote:
> On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote:
> > On Thursday 21 September 2006 09:34, Marius Mauch wrote:
> > > Manifest2 records do not contain a MD5 checksum. The only guaranteed
> > > checksum type there is SHA1. So once manifest1 is phased out the tree
> > > will not contain MD5 checksums anymore.
> > by "guaranteed" do you mean "guaranteed to be in the records" ? SHA1 has
> > proven to be "insecure" like MD5
> Guranteed to be in the chksum data; iow, when manifest2 is switched
> over to fully all manifest1/digest data becomes effectively invisible
> to portage and is filtered out on commits.
> So... what's guranteed in manifest2 now is just sha1. In reality, it
> holds size/sha1/sha256/rmd160 per file entry.
ok, but it just seems silly to go cutting MD5 but leaving SHA1 ... if we're
going to be leaving an insecure format, we might as well keep the one that is
a virtual standard in and of itself (MD5)