1 |
On 10/02/2011 05:46 AM, Robin H. Johnson wrote: |
2 |
> On Sat, Oct 01, 2011 at 09:40:13PM -0700, Zac Medico wrote: |
3 |
>> If we control these hashes via metadata/layout.conf, then we can toggle |
4 |
>> it atomically for all commiters. Otherwise, we'll have an annoying |
5 |
>> period of time where different committers are committing different sets |
6 |
>> of hashes, depending on their portage version. |
7 |
> How do you suggest doing it via layout.conf? I've kept SHA256 in both |
8 |
> sets for now, but if you could enforce new signatures including both |
9 |
> WHIRLPOOL and SHA256, that would be great. |
10 |
|
11 |
How about if we put something like this in |
12 |
gentoo-x86/metadata/layout.conf now: |
13 |
|
14 |
manifest2-sha1 = true |
15 |
manifest2-whirlpool = false |
16 |
|
17 |
Then we'll patch portage so that by default it will disable SHA1 and |
18 |
enable WHIRLPOOL, and the above settings will override the defaults. |
19 |
After the patched portage is marked stable in a month or so, we'll send |
20 |
an announcement to gentoo-announce, and remove the above settings from |
21 |
layout.conf. |
22 |
-- |
23 |
Thanks, |
24 |
Zac |