Subject: DIGEST_ALGORITHMS (was Re: CVS commit: pkgsrc/mk)
To: Alistair G. Crooks <email@example.com>
From: Jeremy C. Reed <firstname.lastname@example.org>
Date: 02/22/2005 13:11:30
On Tue, 22 Feb 2005, Alistair G. Crooks wrote:
> Patchfiles will still use simply SHA1, since we are trying to detect a
> binary "has this file changed", rather than proect against tampering.
> In short, if someone can modify the patch file, they can modify the
> distinfo file holding its digest information. This value is set in the
> new PATCH_DIGEST_ALGORITHM definition.
I didn't look to closely, but is PATCH_DIGEST_ALGORITHM or
DIGEST_ALGORITHMS used for PATCHFILES? (I think your new multiple
DIGEST_ALGORITHMS should be used for remotely retrieved PATCHFILES.)
Jeremy C. Reed
open source, Unix, *BSD, Linux training