Re: Reasons for having SHA512?
>> While cksums from SHA512 are definitely useful, I'm wondering whether the
>> SHA512.gz file itself is really necessary. We can store cksums inside
>> pkg_summary(5), for example, like the following.
>> COMMENT=Command-line utility to rip and encode an audio CD
>> CKSUM=<cksum_type> <cksum>
>> where <cksum_type> is sha512, rmd160, md5 or anything else supported by
>> My idea is to provide a _single_ file (signed!) containing everything
>> needed for package management.
> Seems like a good idea to me; however, from a package management
> perspective, I believe that a single signed pkg_summary file (the one you
> propose, with a list of cksums) AND a per-package signature should be both
If we sign pkg_summary(5) containing sha512 and rmd160 cksums (just like
we do for distfiles) for all packages, is it really necessary to sign
every package individually? I think not. It seems to me that we can just
remove some unnecessary code from pkg_admin(8) and keep pkg_summary(5)
and binary packages on ftp:// always in sync.
Best regards, Aleksey Cheusov.
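
An added example, not part of the original message or of pkgsrc: a sketch of how a client could check a downloaded binary package against the `CKSUM=<cksum_type> <cksum>` lines proposed in this thread. It assumes the summary text has already passed signature verification; the package names, the sample bytes and the function names are constructed for illustration.

```python
import hashlib
import hmac

# Checksum type names from the thread mapped to hashlib algorithm names.
ALGOS = {"sha512": "sha512", "rmd160": "ripemd160", "md5": "md5"}

def parse_summary(text):
    """Parse blank-line-separated VAR=value records, keyed by PKGNAME.
    CKSUM is the field proposed in the thread; it may repeat per package."""
    pkgs = {}
    for block in text.strip().split("\n\n"):
        rec = {"CKSUM": {}}
        for line in block.splitlines():
            key, _, value = line.partition("=")
            if key == "CKSUM":
                ctype, _, digest = value.partition(" ")
                rec["CKSUM"][ctype.lower()] = digest.strip().lower()
            else:
                rec[key] = value
        if "PKGNAME" in rec:
            pkgs[rec["PKGNAME"]] = rec
    return pkgs

def verify_package(pkgs, pkgname, data, required="sha512"):
    """Return (ok, reason). The summary text is assumed to have passed
    signature verification before it was parsed."""
    rec = pkgs.get(pkgname)
    if rec is None:
        return False, "package not listed in summary"
    sums = rec["CKSUM"]
    if required not in sums:
        return False, "no " + required + " checksum listed"
    for ctype, expected in sums.items():
        try:
            actual = hashlib.new(ALGOS[ctype], data).hexdigest()
        except (KeyError, ValueError):
            return False, "unsupported checksum type " + ctype
        if not hmac.compare_digest(actual, expected):
            return False, ctype + " mismatch (package and summary out of sync?)"
    return True, "ok"

# Constructed sample: stand-in package bytes and a matching summary record.
PKG_BYTES = b"constructed stand-in for a binary package"
SUMMARY = (
    "PKGNAME=example-pkg-1.0\n"
    "COMMENT=Command-line utility to rip and encode an audio CD\n"
    "CKSUM=sha512 " + hashlib.sha512(PKG_BYTES).hexdigest() + "\n"
    "\n"
    "PKGNAME=no-cksum-pkg-2.0\n"
    "COMMENT=Constructed record without a CKSUM line\n"
)
```

A package that is replaced on the server without regenerating the summary fails with a mismatch, which is the "always in sync" requirement from the message above.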