[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Reasons for having SHA512?
On 06.09.2011 10:25, Aleksey Cheusov wrote:
> On Tue, Jun 14, 2011 at 12:16 AM, Jean-Yves Migeon
> <jeanyves.migeon%free.fr@localhost> wrote:
>> On 12.06.2011 22:16, Aleksey Cheusov wrote:
>>> While cksums from SHA512 is definitely useful I'm thinking about is
>>> SHA512.gz file itself is really necessary. We can store cksums inside
>>> pkg_summary(5), for example, like the following.
>>> COMMENT=Command-line utility to rip and encode an audio CD
>>> CKSUM=<cksum_type> <cksum>
>>> where <cksum_type> is sha512, rmd160, md5 or anything else supported by
>>> My idea is to provide _single_ file (signed!) containing everything
>>> needed for package management.
>> Seems like a good idea to me;
> I'd like to commit the ttached patch. Objections?
One question: will it support multivalue, like:
I don't object this, but keep in mind that my reasoning still applies:
signing only one file for package management does not make it easy when
you move .tar.gz packages around.
You end up having all the info inside a separate pkg_summary file, and
you can't just "build package" => "sign it" => "install it elsewhere" as
easily: you also have to regenerate the sig for the pkg_summary,
provided you have one, and have it readily accessible when you pkg_add.
Main Index |
Thread Index |