From: | "Jason A. Donenfeld" <zx2c4@g.o> | ||
---|---|---|---|
To: | gentoo-dev@l.g.o | ||
Cc: | Matt Turner <mattst88@g.o> | ||
Subject: | Re: [gentoo-dev] proposal: use only one hash function in manifest files | ||
Date: | Tue, 05 Apr 2022 19:30:50 | ||
Message-Id: | CAHmME9rJ8=V1VW5P5TuQ71mg7MkaCkmwrPfWM6nu-YV7j=y7mQ@mail.gmail.com | ||
In Reply to: | Re: [gentoo-dev] proposal: use only one hash function in manifest files by Matt Turner |
1 | Hi Matt, |
2 | |
3 | On Tue, Apr 5, 2022 at 8:58 PM Matt Turner <mattst88@g.o> wrote: |
4 | > This was a topic in June 2021's Council meeting: |
5 | > |
6 | > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613-summary.txt#n33 |
7 | > https://gitweb.gentoo.org/sites/projects/council.git/tree/meeting-logs/20210613.txt#n137 |
8 | > |
9 | > Basically there was no great reason presented for making the change |
10 | > and some (IMO specious) reasons for keeping multiple hashes. I don't |
11 | > think anyone felt strongly enough about removing one hash to fight for |
12 | > it. |
13 | |
14 | Huh. Something not brought up there or https://bugs.gentoo.org/784710 |
15 | is the fact that the _security_ of the system reduces to SHA-512 as |
16 | used by our GPG signatures. |
17 | |
18 | By the way, we're not currently _checking_ two hash functions during |
19 | src_prepare(), are we? |
20 | |
21 | Jason |
Subject | Author |
---|---|
Re: [gentoo-dev] proposal: use only one hash function in manifest files | Ulrich Mueller <ulm@g.o> |
Re: [gentoo-dev] proposal: use only one hash function in manifest files | Matt Turner <mattst88@g.o> |