| 1 |
On 25/10/2017 14:32, Hanno Böck wrote: |
| 2 |
> Good security includes reducing complexity. Tough (as evident by this |
| 3 |
> thread) it's a thought many people find hard to accept. |
| 4 |
> |
| 5 |
> This thread is going into a completely different direction and I find |
| 6 |
> that worriesome. We have two non-problems ("what if secure hash X gets |
| 7 |
> broken?" and "what if it's too slow? I haven't benchmarked, but what if |
| 8 |
> it's too slow??") and people proposing increasingly complex solutions. |
| 9 |
> |
| 10 |
> If you do what you propose my worries aren't that any hash gets broken |
| 11 |
> or that it's too slow. It's that some bug will chime in where in some |
| 12 |
> situation no hash gets checked whatsoever. |
| 13 |
|
| 14 |
+1 |
| 15 |
|
| 16 |
I consider the multiple hashes we have a part of providing smooth |
| 17 |
migration path (keeping around hashes supported by older portage |
| 18 |
versions). Other than that, yeah, watch out for complexity. |
| 19 |
|
| 20 |
Paweł |
Archives