tech-pkg archive


Re: Reasons for having SHA512?



On 12.06.2011 22:16, Aleksey Cheusov wrote:
> While cksums from SHA512 are definitely useful, I'm wondering whether the
> SHA512.gz file itself is really necessary. We can store cksums inside
> pkg_summary(5), for example, like the following.
> 
>    PKGNAME=abcde-2.3.99.7
>    COMMENT=Command-line utility to rip and encode an audio CD
>    SIZE_PKG=175220
>    CKSUM=<cksum_type> <cksum>
>    ...
> 
> where <cksum_type> is sha512, rmd160, md5 or anything else supported by 
> digest(1).
> 
> My idea is to provide a _single_ file (signed!) containing everything
> needed for package management.
> 
> Ideas?

Seems like a good idea to me; however, from a package management
perspective, I believe that a single signed pkg_summary file (the one you
propose, with a list of cksums) AND a per-package signature should both
be possible.

Please ignore my remark if that's not what you propose.

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
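
The check a client could run against the CKSUM field proposed in this thread, as an added example that is not part of either message and is not pkgsrc code. It assumes the signature on the summary file was already verified by other means; `CKSUM` is the proposed field, and the function names, the sample records and the digest(1)-to-hashlib name mapping are constructed for illustration.

```python
import hashlib

# Constructed sample in the layout proposed in the thread. CKSUM is the
# proposed field; its value here is the SHA512 of SAMPLE_PKG below.
SAMPLE_PKG = b"constructed package bytes"
SAMPLE_SUMMARY = (
    "PKGNAME=abcde-2.3.99.7\n"
    "COMMENT=Command-line utility to rip and encode an audio CD\n"
    "SIZE_PKG=175220\n"
    f"CKSUM=sha512 {hashlib.sha512(SAMPLE_PKG).hexdigest()}\n"
    "\n"
    "PKGNAME=nocksum-1.0\n"
    "COMMENT=Constructed record without a checksum\n"
)

# digest(1) algorithm names mapped to hashlib names (assumed mapping).
ALGOS = {"sha512": "sha512", "rmd160": "ripemd160", "md5": "md5"}


def parse_summary(text):
    """Split blank-line-separated records into {PKGNAME: {VAR: value}}.

    Repeated variables keep only the last value, which is enough here.
    """
    pkgs = {}
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition("=")
            if sep:
                rec[key] = value
        if "PKGNAME" in rec:
            pkgs[rec["PKGNAME"]] = rec
    return pkgs


def verify_package(rec, data):
    """Return (ok, reason); fail closed on missing or unknown checksums."""
    if "CKSUM" not in rec:
        return False, "no CKSUM field"
    parts = rec["CKSUM"].split()
    if len(parts) != 2:
        return False, "malformed CKSUM"
    ctype, expected = parts
    name = ALGOS.get(ctype.lower())
    if name is None or name not in hashlib.algorithms_available:
        return False, "unsupported cksum type"
    if hashlib.new(name, data).hexdigest() != expected.lower():
        return False, "checksum mismatch"
    return True, "ok"
```

A record without a CKSUM line is rejected rather than skipped, so stripping the field from a record cannot downgrade the check.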

