Re: Add SHA512 digests to package metadata

To: Alistair Crooks <agc%pkgsrc.org@localhost>, tech-pkg%pkgsrc.org@localhost
Subject: Re: Add SHA512 digests to package metadata
From: Alistair Crooks <agc%pkgsrc.org@localhost>
Date: Mon, 19 Oct 2015 12:14:09 -0700

As I said, I'd like for us to stop relying on MD5 sums as a priority.

The rest of the fixes will come later - I agree that the format of the
+CONTENTS leaves much to be desired, but that is outside the scope of
this change.

On 19 October 2015 at 11:48, Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:
> On Mon, Oct 19, 2015 at 11:29:48AM -0700, Alistair Crooks wrote:
>> Right now, we use MD5 sums only to verify that individual files in
>> package metadata have not been modified. Whilst this is not the end of
>> the world, it needs to be fixed. It also needs to be fixed fairly
>> sharpish. Diffs at:
>>
>> http://ftp.netbsd.org/pub/pkgsrc/misc/agc/pkg_install-20151017.diff
>
> Please don't duplicate the SHA2 code from libnbcompat. I'd prefer to
> stop the abuse of @comment for this as well, but that does require a
> tools bump.
>
> Joerg
>

Follow-Ups:
- Re: Add SHA512 digests to package metadata
  - From: Joerg Sonnenberger

References:
- Add SHA512 digests to package metadata
  - From: Alistair Crooks
- Re: Add SHA512 digests to package metadata
  - From: Joerg Sonnenberger

Prev by Date: Re: Add SHA512 digests to package metadata
Next by Date: Re: Add SHA512 digests to package metadata
Previous by Thread: Re: Add SHA512 digests to package metadata
Next by Thread: Re: Add SHA512 digests to package metadata
Indexes:

Home | Main Index | Thread Index | Old Index