On 11/15/2017 12:47 PM, R0b0t1 wrote:
> On Wednesday, November 15, 2017, Michał Górny <mgorny@g.o
> <mailto:mgorny@g.o>> wrote:
>> Hi, everyone.
>>
>> The Council has approved the manifest-hashes switch on 2017-11-12
>> meeting [1]. The transition will occur to the initial plan, with small
>> changes. The updated plan is included at the end of this mail.
>>
>> According to this plan, BLAKE2B will be enabled on 2017-11-21. This
>> means that starting at this time, all new and updated DIST entries will
>> use BLAKE2B+SHA512. Old DIST entries will still use the current hash set
>> until updated.
>>
>> The developers are required to upgrade to a package manager supporting
>> this hash. That is:
>>
>> a. Portage 2.3.5 when using py3.6+,
>>
>> b. Portage 2.3.13 + pyblake2 installed manually,
>>
>> c. Portage 2.3.13-r1 that includes the pyblake2 dep.
>>
>> Modern (and old) Portage will refuse to update Manifests if it does not
>> support the necessary hashes. However, Portage versions between 2.3.5
>> and 2.3.13 inclusively will create Manifests missing BLAKE2B hash rather
>> than failing when no hash provider is present. Those Manifests will be
>> rejected by the git hook.
>>
>> Users will not be affected noticeably as the SHA512 hash continues being
>> used for compatibility.
>>
>>
>> That said, I'd like to request developers not to start proactively
>> converting all old Manifest entries to the new set immediately,
>> and instead give some time for things to settle down.
>>
>>
>>
>> The updated plan
>> ================
>>
>> Already done:
>>
>> - revbumped Portage with pyblake2 dep and started stabilizing it,
>>
>> - added git update hook to reject invalid Manifest entries.
>>
>> 2017-11-21 (T+7d):
>>
>> - manifest-hashes = BLAKE2B SHA512
>>
>> 2018-02-14 (T+3m):
>>
>> - manifest-required-hashes = BLAKE2B
>>
>> 2018-05-14 (T+6m):
>>
>> - last rite fetch-restricted packages that do not use BLAKE2B.
>>
>> The final removal of SHA512 will be decided by the Council separately.
>>
>
> Does the existence of a decision mean I would need to contact the
> trustees if I feel the changes have not been adequately justified?
>
> Respectfully,
> R0b0t1

No, if you think there is an issue with the Council decision, you should
speak with the Council. Moreover... The Council is responsible for
technical decisions within Gentoo. Unless it violates the Social
Contract, I cannot see how the Trustees should be involved here. They
have empowered the Council to make technical decisions as they see fit.

--
NP-Hardass
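
Added example, not part of the thread and not Gentoo's actual git hook: a sketch of the check the quoted announcement describes, flagging a new or updated DIST entry that lacks a hash from the `manifest-hashes = BLAKE2B SHA512` set. It assumes the usual Manifest line layout (`DIST <file> <size> <HASH> <hex> ...`); the function names and the sample entries are constructed for illustration.

```python
import re

# Hash set from the announcement: manifest-hashes = BLAKE2B SHA512
REQUIRED_HASHES = ("BLAKE2B", "SHA512")
# Both are 512-bit digests, i.e. 128 lowercase hex characters.
HEX_LEN = {"BLAKE2B": 128, "SHA512": 128}
HEX_RE = re.compile(r"[0-9a-f]+")


def parse_dist_entry(line):
    """Parse 'DIST <file> <size> <HASH> <hex> ...' into (file, size, {hash: hex})."""
    fields = line.split()
    if len(fields) < 3 or fields[0] != "DIST":
        raise ValueError("not a DIST entry")
    name, size, rest = fields[1], fields[2], fields[3:]
    if not size.isdigit():
        raise ValueError("size is not a non-negative integer")
    if len(rest) % 2:
        raise ValueError("hash name without a value")
    hashes = dict(zip(rest[0::2], rest[1::2]))
    if len(hashes) != len(rest) // 2:
        raise ValueError("duplicate hash name")
    return name, int(size), hashes


def check_dist_entry(line):
    """Return a list of problems for one new or updated DIST entry (empty = OK)."""
    try:
        name, _size, hashes = parse_dist_entry(line)
    except ValueError as exc:
        return [f"malformed entry: {exc}"]
    problems = []
    for algo in REQUIRED_HASHES:
        value = hashes.get(algo)
        if value is None:
            problems.append(f"{name}: missing {algo}")
        elif len(value) != HEX_LEN[algo] or not HEX_RE.fullmatch(value):
            problems.append(f"{name}: {algo} is not a {HEX_LEN[algo]}-char hex digest")
    return problems


# Constructed sample entries (digests are filler, not real file hashes).
GOOD = "DIST foo-1.0.tar.gz 1234 BLAKE2B " + "a" * 128 + " SHA512 " + "b" * 128
# The case the announcement warns about: written without a BLAKE2B provider.
NO_BLAKE2B = "DIST foo-1.0.tar.gz 1234 SHA512 " + "b" * 128

if __name__ == "__main__":
    for entry in (GOOD, NO_BLAKE2B):
        print(check_dist_entry(entry) or "ok")
```

Only entries added or changed by a commit would be passed to `check_dist_entry`, since the announcement leaves old DIST entries on the previous hash set until they are updated.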