Re: Stronger Hashes for PKGBUILDs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On 05/14/2018 10:48 AM, Leonid Isaev via arch-general wrote:
> On Mon, May 14, 2018 at 11:23:39AM +0100, Ralph Corderoy wrote:
>> Hi Eli,
>>
>>> Maybe you could ask the coreutils developers whatever happened to
>>> implementing Keccak checksumming tools.
>>
>> SHA-3?  Have you see
>> https://www.imperialviolet.org/2017/05/31/skipsha3.html
>> I've also seen suggestions that the Keccak team push Kangaroo Twelve
>> these days over SHA-3 due to SHA-3's comparative slowness.
> 
> Of course, none of this is relevant for the present thread...

We're currently in feature freeze for pacman 5.1

Anyone who hopes to have b2sum support in *future* versions of pacman,
would be well advised to come across as a person seeking to extend
support for the current crop of common hashing algorithms, not someone
pushing b2sum because "secure all PKGBUILDs".

For this reason, it would probably be useful to see coreutils support
more than one cherry-picked modern hashing algorithm. I'm not really
caring which ones those are, but then I'm also perfectly happy with
sha256/sha512 (which are both of them great algorithms which work
perfectly fine).

So I'm uninterested in the bikeshed on general principle, and only
vaguely interested inasmuch as having more tools and more diversity in
the future would probably be interesting and/or useful. But I can find
lots of arguments for and against all the SHA3 candidates, some of them
rather bitter, so I see no reason to take sides.

-- 
Eli Schwartz
Bug Wrangler and Trusted User

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux