[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Reasons for having SHA512?
> On 06.09.2011 10:25, Aleksey Cheusov wrote:
> > On Tue, Jun 14, 2011 at 12:16 AM, Jean-Yves Migeon
> > <jeanyves.migeon%free.fr@localhost> wrote:
> >> On 12.06.2011 22:16, Aleksey Cheusov wrote:
> >>> While cksums from SHA512 is definitely useful I'm thinking about is
> >>> SHA512.gz file itself is really necessary. We can store cksums inside
> >>> pkg_summary(5), for example, like the following.
> >>> PKGNAME=abcde-220.127.116.11
> >>> COMMENT=Command-line utility to rip and encode an audio CD
> >>> SIZE_PKG=175220
> >>> CKSUM=<cksum_type> <cksum>
> >>> ...
> >>> where <cksum_type> is sha512, rmd160, md5 or anything else supported
> by digest(1).
> >>> My idea is to provide _single_ file (signed!) containing everything
> >>> needed for package management.
> >>> Ideas?
> >> Seems like a good idea to me;
> > I'd like to commit the ttached patch. Objections?
> One question: will it support multivalue, like:
> CKSUM=SHA1 2d7bb5572221afa7d7fb30c8d19d3f693bfeee14
> CKSUM=MD5 d9f7497c382d9ee2709f9d1b560aecaf
Yes. I'll add "Multiple CKSUM lines are allowed." to man page.
But cksum type is in lowercase just like in digest.
FYI: pkg_bin_summary -k'md5 rmd160' *.tgz > pkg_summary.txt
> I don't object this, but keep in mind that my reasoning still applies:
> signing only one file for package management does not make it easy when
> you move .tar.gz packages around.
I remember your point and I had no plan to discuss package signing.
I need checksums for making package download predictable
(in nih) and more efficient.
NEU: FreePhone - 0ct/min Handyspartarif mit Geld-zurück-Garantie!
Jetzt informieren: http://www.gmx.net/de/go/freephone
Main Index |
Thread Index |