Archives
Archives
| From: | "Jason A. Donenfeld" <zx2c4@g.o> | ||
|---|---|---|---|
| To: | gentoo-dev@l.g.o | ||
| Cc: | Matt Turner <mattst88@g.o> | ||
| Subject: | Re: [gentoo-dev] proposal: use only one hash function in manifest files | ||
| Date: | Tue, 05 Apr 2022 19:30:50 | ||
| Message-Id: | CAHmME9rJ8=V1VW5P5TuQ71mg7MkaCkmwrPfWM6nu-YV7j=y7mQ@mail.gmail.com | ||
| In Reply to: | Re: [gentoo-dev] proposal: use only one hash function in manifest files by Matt Turner |
||
| 1 | Hi Matt, |
| 2 | |
| 3 | On Tue, Apr 5, 2022 at 8:58 PM Matt Turner <mattst88@g.o> wrote: |
| 4 | > This was a topic in June 2021's Council meeting: |
| 5 | > |
| 6 | > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613-summary.txt#n33 |
| 7 | > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613.txt#n137 |
| 8 | > |
| 9 | > Basically there was no great reason presented for making the change |
| 10 | > and some (IMO specious) reasons for keeping multiple hashes. I don't |
| 11 | > think anyone felt strongly enough about removing one hash to fight for |
| 12 | > it. |
| 13 | |
| 14 | Huh. Something not brought up there or https://bugs.gentoo.org/784710 |
| 15 | is the fact that the _security_ of the system reduces to SHA-512 as |
| 16 | used by our GPG signatures. |
| 17 | |
| 18 | By the way, we're not currently _checking_ two hash functions during |
| 19 | src_prepare(), are we? |
| 20 | |
| 21 | Jason |
| Subject | Author |
|---|---|
| Re: [gentoo-dev] proposal: use only one hash function in manifest files | Ulrich Mueller <ulm@g.o> |
| Re: [gentoo-dev] proposal: use only one hash function in manifest files | Matt Turner <mattst88@g.o> |