Re: Stronger Hashes for PKGBUILDs




On Mon, May 14, 2018 at 11:01:57AM -0400, Eli Schwartz via arch-general wrote:
> We're currently in feature freeze for pacman 5.1
> 
> Anyone who hopes to have b2sum support in *future* versions of pacman,
> would be well advised to come across as a person seeking to extend
> support for the current crop of common hashing algorithms, not someone
> pushing b2sum because "secure all PKGBUILDs".
> 
> For this reason, it would probably be useful to see coreutils support
> more than one cherry-picked modern hashing algorithm. I'm not really
> caring which ones those are, but then I'm also perfectly happy with
> sha256/sha512 (which are both of them great algorithms which work
> perfectly fine).
> 
> So I'm uninterested in the bikeshed on general principle, and only
> vaguely interested inasmuch as having more tools and more diversity in
> the future would probably be interesting and/or useful. But I can find
> lots of arguments for and against all the SHA3 candidates, some of them
> rather bitter, so I see no reason to take sides.

I agree... But I think that trying to identify the best algorithm is a waste of
time because the only important feature is whether a given hash algorithm has
been broken (in the sense of generating collisions). Everything else
(performance, hash size, etc) is completely irrelevant for makepkg use...

It would make sense to include B2B/SHA3 support in makepkg when we start seeing
upstreams provide these hashes. Currently, AFAIK the only "upstream" doing that
is Gentoo in their Manifests.

Cheers,
-- 
Leonid Isaev


