1 |
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote: |
2 |
> On Thursday 21 September 2006 09:34, Marius Mauch wrote: |
3 |
> > Manifest2 records do not contain a MD5 checksum. The only guaranteed |
4 |
> > checksum type there is SHA1. So once manifest1 is phased out the tree |
5 |
> > will not contain MD5 checksums anymore. |
6 |
> |
7 |
> by "guaranteed" do you mean "guaranteed to be in the records" ? SHA1 has |
8 |
> proven to be "insecure" like MD5 |
9 |
|
10 |
Guranteed to be in the chksum data; iow, when manifest2 is switched |
11 |
over to fully all manifest1/digest data becomes effectively invisible |
12 |
to portage and is filtered out on commits. |
13 |
|
14 |
So... what's guranteed in manifest2 now is just sha1. In reality, it |
15 |
holds size/sha1/sha256/rmd160 per file entry. |
16 |
~harring |