On Wed, 15.11.2017 at 17:28 +0100, Michał Górny wrote:
> Hi, everyone.
>
> The Council has approved the manifest-hashes switch on 2017-11-12
> meeting [1]. The transition will occur to the initial plan, with small
> changes. The updated plan is included at the end of this mail.
>
> According to this plan, BLAKE2B will be enabled on 2017-11-21. This
> means that starting at this time, all new and updated DIST entries will
> use BLAKE2B+SHA512. Old DIST entries will still use the current hash set
> until updated.
>
> The developers are required to upgrade to a package manager supporting
> this hash. That is:
>
> a. Portage 2.3.5 when using py3.6+,
>
> b. Portage 2.3.13 + pyblake2 installed manually,
>
> c. Portage 2.3.13-r1 that includes the pyblake2 dep.
>
> Modern (and old) Portage will refuse to update Manifests if it does not
> support the necessary hashes. However, Portage versions between 2.3.5
> and 2.3.13 inclusively will create Manifests missing BLAKE2B hash rather
> than failing when no hash provider is present. Those Manifests will be
> rejected by the git hook.
>
> Users will not be affected noticeably as the SHA512 hash continues being
> used for compatibility.
>
>
> That said, I'd like to request developers not to start proactively
> converting all old Manifest entries to the new set immediately,
> and instead give some time for things to settle down.
>
>
>
> The updated plan
> ================
>
> Already done:
>
> - revbumped Portage with pyblake2 dep and started stabilizing it,
>
> - added git update hook to reject invalid Manifest entries.
>
> 2017-11-21 (T+7d):
>
> - manifest-hashes = BLAKE2B SHA512

FYI, this is now online. Please ping me if you have any issues.

>
> 2018-02-14 (T+3m):
>
> - manifest-required-hashes = BLAKE2B
>
> 2018-05-14 (T+6m):
>
> - last rite fetch-restricted packages that do not use BLAKE2B.
>
> The final removal of SHA512 will be decided by the Council separately.
>
>

--
Best regards,
Michał Górny
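
Added example, not part of the original mail and not the code of the git hook or of Portage: a local check that a new or updated DIST entry carries both BLAKE2B and SHA512, which catches the SHA512-only entries described above before they are pushed. It assumes the usual `DIST <name> <size> <HASH> <hex> ...` Manifest line layout and Python 3.6+ for `hashlib.blake2b`; the function names and sample data are constructed for illustration.

```python
import hashlib

# Manifest hash names mapped to hashlib constructors (Python 3.6+ for blake2b).
HASHERS = {"BLAKE2B": hashlib.blake2b, "SHA512": hashlib.sha512}
REQUIRED = ("BLAKE2B", "SHA512")  # the manifest-hashes value from the plan


def make_dist_entry(name, data):
    """Build a DIST line carrying every hash in REQUIRED for the content."""
    parts = ["DIST", name, str(len(data))]
    for h in REQUIRED:
        parts += [h, HASHERS[h](data).hexdigest()]
    return " ".join(parts)


def parse_dist_entry(line):
    """Return (name, size, {hash_name: hexdigest}) for one DIST line."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "DIST" or len(fields[3:]) % 2:
        raise ValueError("malformed DIST entry: %r" % line)
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))


def check_dist_entry(line, data=None):
    """Return a list of problems; an empty list means the entry passes.

    Intended only for entries that were added or changed, since old
    entries keep their previous hash set until they are updated.
    """
    name, size, hashes = parse_dist_entry(line)
    problems = ["missing %s" % h for h in REQUIRED if h not in hashes]
    if data is not None:  # optionally verify against the distfile content
        if size != len(data):
            problems.append("size mismatch")
        for h in REQUIRED:
            if h in hashes and HASHERS[h](data).hexdigest() != hashes[h]:
                problems.append("%s mismatch" % h)
    return problems


# Constructed sample data: a fake distfile and two entries for it.
SAMPLE = b"constructed distfile content\n"
GOOD = make_dist_entry("foo-1.0.tar.gz", SAMPLE)
# Same entry with the BLAKE2B pair dropped, as written without a hash provider.
NO_BLAKE2B = " ".join(GOOD.split()[:3] + GOOD.split()[5:])

if __name__ == "__main__":
    for entry in (GOOD, NO_BLAKE2B):
        print(entry.split()[3], check_dist_entry(entry, SAMPLE) or "ok")
```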