1 |
On Tue, 24 Mar 2009 09:45:30 +0200 |
2 |
mmacleod@××××××××××.za wrote: |
3 |
|
4 |
> > Then have a hash generate set up where it would take |
5 |
> > the name, version, and use flags, cflags and hash just that |
6 |
> > information. |
7 |
> We are talking about two different types of hashes. |
8 |
> There would be a hash in the package names in order to tell the |
9 |
> difference between package foo compiled with use flag "bar" and |
10 |
> package foo compiled without useflag "baa"(It would also have to take |
11 |
> into account cflags and dependency versions), this is part of the |
12 |
> "improved binary support idea". |
13 |
|
14 |
I'm not sure if this is doable, but not using hashes would be great. |
15 |
It would be cool to encode as much information as possible so that it |
16 |
can be decoded again. In any case, there should be a database with what |
17 |
the hashes mean, so that users can see "Ok, i use this and that CLFAGS |
18 |
and this and that USE-flags, and if i now change that USE-flag which I |
19 |
don't really care about and add -pipe to my CFLAGS, I can find almost |
20 |
everything I need as binary packages". |
21 |
|
22 |
It would also be cool to work with the stats project here to find out, |
23 |
which CFLAGS and USE-flags are used, which packages are installed. |
24 |
|
25 |
> The second kind of hash that I am talking about now is a security |
26 |
> hash computed over the final package file. By having multiple users |
27 |
> compile the package and generate a security hash of it one can |
28 |
> ensure(within reasonable doubt) that the package has not been |
29 |
> tampered with by the contributor, by for example adding a rootkit to |
30 |
> the source code. |
31 |
|
32 |
As far as I know, tar is used. If times or anything like that are saved |
33 |
in the tarball, you can forget to reproduce a tarball with the same |
34 |
hash. Also, sometimes the time and date when it was compiled is saved |
35 |
in the binary. So, either I don't understand you, or it just will not |
36 |
work. |
37 |
|
38 |
Philipp |