Gentoo Archives: gentoo-dev

From: "Robin H. Johnson" <robbat2@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] proposal: use only one hash function in manifest files
Date: Wed, 20 Apr 2022 00:00:32
Message-Id: robbat2-20220419T235831-766834261Z@orbis-terrarum.net
In Reply to: Re: [gentoo-dev] proposal: use only one hash function in manifest files by "Robin H. Johnson"
1 On Wed, Apr 06, 2022 at 05:23:25PM +0000, Robin H. Johnson wrote:
2 > On Wed, Apr 06, 2022 at 02:15:02AM +0200, Jason A. Donenfeld wrote:
3 > > 2) Comparability: other distros use SHA2-512, as well as various
4 > > upstreams, which means we can compare our hashes to theirs easily.
5 > Can we expand on this specific thread for a moment?
6 >
7 > I was the author of GLEP59 about changing the Manifest hashes, and I
8 > noted at the time, with references, that the effective strength of a set
9 > of hashes is only that of the strongest hash.
10 Bump for my parent message, that I'm very surprised at the lack of
11 responses to two messages in this thread.
12
13 https://archives.gentoo.org/gentoo-dev/message/18216da0128ee79733fa68bb77fa8b69
14 https://archives.gentoo.org/gentoo-dev/message/a9974ec34dfb25810dab47e3fa322a52
15
16 --
17 Robin Hugh Johnson
18 Gentoo Linux: Dev, Infra Lead, Foundation Treasurer
19 E-Mail : robbat2@g.o
20 GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
21 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136