tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Add SHA512 digests to package metadata



As I said, I'd like for us to stop relying on MD5 sums as a priority.

The rest of the fixes will come later - I agree that the format of the
+CONTENTS leaves much to be desired, but that is outside the scope of
this change.

On 19 October 2015 at 11:48, Joerg Sonnenberger <joerg%britannica.bec.de@localhost> wrote:
> On Mon, Oct 19, 2015 at 11:29:48AM -0700, Alistair Crooks wrote:
>> Right now, we use MD5 sums only to verify that individual files in
>> package metadata have not been modified. Whilst this is not the end of
>> the world, it needs to be fixed. It also needs to be fixed fairly
>> sharpish. Diffs at:
>>
>> http://ftp.netbsd.org/pub/pkgsrc/misc/agc/pkg_install-20151017.diff
>
> Please don't duplicate the SHA2 code from libnbcompat. I'd prefer to
> stop the abuse of @comment for this as well, but that does require a
> tools bump.
>
> Joerg
>


Home | Main Index | Thread Index | Old Index