Re: Add SHA512 digests to package metadata

[Joerg Sonnenberger <joerg%britannica.bec.de@localhost>]

On Mon, Oct 19, 2015 at 01:27:58PM -0700, Alistair Crooks wrote:
> My way of working is to make a number of small changes, and lots of
> them. This usually prevents big bang scenarios. You obviously prefer
> to make fewer, but more far-reaching changes.
> 
> I'm not saying that one approach is better than the other, but I also
> think that trying to make your approach work for me is going to be
> counter-productive, much as if I were to try to encourage my way of
> working onto you.

I don't think that introducing @digest for this purpose is any more
complicated in nature that hacking in an additional magic comment
string. It uses more common parser infrastructure and trades it for a
minor complication of making sure that pkg_install itself does not get
the SHA512 digest for bootstrap purposes.

But let's go back to your patch first. The existing @comment handling is
quite fragile and subtile. Reording of the MD5 and SHA512 line would
mean that old pkg_install will accept the package, but silently skip the
content validation. That sounds to me like a good reason for not going
down this road.

Joerg