Re: Reasons for having SHA512?

To: Aleksey Cheusov <cheusov%tut.by@localhost>
Subject: Re: Reasons for having SHA512?
From: Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>
Date: Mon, 13 Jun 2011 23:16:48 +0200

On 12.06.2011 22:16, Aleksey Cheusov wrote:
> While cksums from SHA512 is definitely useful I'm thinking about is
> SHA512.gz file itself is really necessary. We can store cksums inside
> pkg_summary(5), for example, like the following.
> 
>    PKGNAME=abcde-2.3.99.7
>    COMMENT=Command-line utility to rip and encode an audio CD
>    SIZE_PKG=175220
>    CKSUM=<cksum_type> <cksum>
>    ...
> 
> where <cksum_type> is sha512, rmd160, md5 or anything else supported by 
> digest(1).
> 
> My idea is to provide _single_ file (signed!) containing everything
> needed for package management.
> 
> Ideas?

Seems like a good idea to me; however, from a package management
perspective, I believe that single signed pkg_summary file (the one you
propose, with a list of cksums) AND per-package signature should be both
possible.

Please ignore my remark if that's not what you propose.

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost

Follow-Ups:
- Re: Reasons for having SHA512?
  - From: Aleksey Cheusov
- Re: Reasons for having SHA512?
  - From: Aleksey Cheusov

References:
- Reasons for having SHA512?
  - From: Aleksey Cheusov

Prev by Date: Re: ffmpeg vs pthread / qnx
Next by Date: Re: Reasons for having SHA512?
Previous by Thread: Reasons for having SHA512?
Next by Thread: Re: Reasons for having SHA512?
Indexes:

Home | Main Index | Thread Index | Old Index