tech-pkg archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Reasons for having SHA512?

On 12.06.2011 22:16, Aleksey Cheusov wrote:
> While cksums from SHA512 is definitely useful I'm thinking about is
> SHA512.gz file itself is really necessary. We can store cksums inside
> pkg_summary(5), for example, like the following.
>    PKGNAME=abcde-
>    COMMENT=Command-line utility to rip and encode an audio CD
>    SIZE_PKG=175220
>    CKSUM=<cksum_type> <cksum>
>    ...
> where <cksum_type> is sha512, rmd160, md5 or anything else supported by 
> digest(1).
> My idea is to provide _single_ file (signed!) containing everything
> needed for package management.
> Ideas?

Seems like a good idea to me; however, from a package management
perspective, I believe that single signed pkg_summary file (the one you
propose, with a list of cksums) AND per-package signature should be both

Please ignore my remark if that's not what you propose.

Jean-Yves Migeon

Home | Main Index | Thread Index | Old Index