| 1 |
On Thu, Sep 21, 2006 at 09:49:18AM -0400, Mike Frysinger wrote: |
| 2 |
> On Thursday 21 September 2006 09:34, Marius Mauch wrote: |
| 3 |
> > Manifest2 records do not contain a MD5 checksum. The only guaranteed |
| 4 |
> > checksum type there is SHA1. So once manifest1 is phased out the tree |
| 5 |
> > will not contain MD5 checksums anymore. |
| 6 |
> |
| 7 |
> by "guaranteed" do you mean "guaranteed to be in the records" ? SHA1 has |
| 8 |
> proven to be "insecure" like MD5 |
| 9 |
|
| 10 |
Guranteed to be in the chksum data; iow, when manifest2 is switched |
| 11 |
over to fully all manifest1/digest data becomes effectively invisible |
| 12 |
to portage and is filtered out on commits. |
| 13 |
|
| 14 |
So... what's guranteed in manifest2 now is just sha1. In reality, it |
| 15 |
holds size/sha1/sha256/rmd160 per file entry. |
| 16 |
~harring |
Archives