tech-pkg archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Reasons for having SHA512?
On 12.06.2011 22:16, Aleksey Cheusov wrote:
> While cksums from SHA512 is definitely useful I'm thinking about is
> SHA512.gz file itself is really necessary. We can store cksums inside
> pkg_summary(5), for example, like the following.
>
> PKGNAME=abcde-2.3.99.7
> COMMENT=Command-line utility to rip and encode an audio CD
> SIZE_PKG=175220
> CKSUM=<cksum_type> <cksum>
> ...
>
> where <cksum_type> is sha512, rmd160, md5 or anything else supported by
> digest(1).
>
> My idea is to provide _single_ file (signed!) containing everything
> needed for package management.
>
> Ideas?
Seems like a good idea to me; however, from a package management
perspective, I believe that single signed pkg_summary file (the one you
propose, with a list of cksums) AND per-package signature should be both
possible.
Please ignore my remark if that's not what you propose.
--
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost
Home |
Main Index |
Thread Index |
Old Index