Reasons for having SHA512?

To: tech-pkg%NetBSD.org@localhost
Subject: Reasons for having SHA512?
From: Aleksey Cheusov <cheusov%tut.by@localhost>
Date: Sun, 12 Jun 2011 23:16:07 +0300

Several years ago Joerg introduced SHA512 file in pbulk.  It contains
cksums for all binary packages in repository and cksum for
pkg_summary(5) file and uploaded to ftp:// together with
pkg_summary(5). In pkgtools/nih, my pkgsrc package manager, I use these
cksums for checking downloaded binaries against SHA512.txt to make sure
that downloaded packages are exactly the same as they are in the
repository.

While cksums from SHA512 is definitely useful I'm thinking about is
SHA512.gz file itself is really necessary. We can store cksums inside
pkg_summary(5), for example, like the following.

   PKGNAME=abcde-2.3.99.7
   COMMENT=Command-line utility to rip and encode an audio CD
   SIZE_PKG=175220
   CKSUM=<cksum_type> <cksum>
   ...

where <cksum_type> is sha512, rmd160, md5 or anything else supported by 
digest(1).

My idea is to provide _single_ file (signed!) containing everything
needed for package management.

Ideas?

-- 
Best regards, Aleksey Cheusov.

Follow-Ups:
- Re: Reasons for having SHA512?
  - From: Jean-Yves Migeon

Prev by Date: Re: pkgsrc-dewey combining or sorting?
Next by Date: Re: pkgsrc-dewey combining or sorting?
Previous by Thread: daily pkgsrc CVS update output
Next by Thread: Re: Reasons for having SHA512?
Indexes:

Home | Main Index | Thread Index | Old Index