Gentoo Archives: gentoo-dev

From: Brian Harring <ferringb@×××××.com>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Notification about MD5 support
Date: Thu, 21 Sep 2006 14:06:21
Message-Id: 20060921140036.GC30105@seldon
In Reply to: Re: [gentoo-dev] Notification about MD5 support by Mike Frysinger
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote:
> On Thursday 21 September 2006 09:34, Marius Mauch wrote: > > Manifest2 records do not contain a MD5 checksum. The only guaranteed > > checksum type there is SHA1. So once manifest1 is phased out the tree > > will not contain MD5 checksums anymore. > > by "guaranteed" do you mean "guaranteed to be in the records" ? SHA1 has > proven to be "insecure" like MD5
Guranteed to be in the chksum data; iow, when manifest2 is switched over to fully all manifest1/digest data becomes effectively invisible to portage and is filtered out on commits. So... what's guranteed in manifest2 now is just sha1. In reality, it holds size/sha1/sha256/rmd160 per file entry. ~harring


Subject Author
Re: [gentoo-dev] Notification about MD5 support Mike Frysinger <vapier@g.o>