Hi, everyone.

The Council has approved the manifest-hashes switch at the 2017-11-12 meeting [1]. The transition will occur according to the initial plan, with small changes. The updated plan is included at the end of this mail.

According to this plan, BLAKE2B will be enabled on 2017-11-21. This means that starting at this time, all new and updated DIST entries will use BLAKE2B+SHA512. Old DIST entries will still use the current hash set until updated.

The developers are required to upgrade to a package manager supporting this hash. That is:

a. Portage 2.3.5 when using py3.6+,
b. Portage 2.3.13 + pyblake2 installed manually,
c. Portage 2.3.13-r1 that includes the pyblake2 dep.

Modern (and old) Portage will refuse to update Manifests if it does not support the necessary hashes. However, Portage versions between 2.3.5 and 2.3.13 inclusively will create Manifests missing BLAKE2B hash rather than failing when no hash provider is present. Those Manifests will be rejected by the git hook.

Users will not be affected noticeably as the SHA512 hash continues being used for compatibility.

That said, I'd like to request developers not to start proactively converting all old Manifest entries to the new set immediately, and instead give some time for things to settle down.

The updated plan
================

Already done:
- revbumped Portage with pyblake2 dep and started stabilizing it,
- added git update hook to reject invalid Manifest entries.

2017-11-21 (T+7d):
- manifest-hashes = BLAKE2B SHA512

2018-02-14 (T+3m):
- manifest-required-hashes = BLAKE2B

2018-05-14 (T+6m):
- last rite fetch-restricted packages that do not use BLAKE2B.

The final removal of SHA512 will be decided by the Council separately.

--
Best regards,
Michał Górny
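
Added example, not part of the original mail and not the Gentoo git hook itself: a sketch of the check described above, which flags new or updated DIST entries lacking BLAKE2B+SHA512 while leaving untouched old entries alone. The function names, the sample file names and the SHA256+SHA512 "old" hash set are constructed for illustration, and applying the rule only to added or changed entries is an assumption drawn from the mail's wording.

```python
import hashlib

# Hash set required for new and updated DIST entries from 2017-11-21 (per the mail).
REQUIRED = ("BLAKE2B", "SHA512")

def parse_dist(manifest_text):
    """Return {filename: (size, {HASH: hexdigest})} for the DIST lines of a Manifest."""
    entries = {}
    for line in manifest_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] != "DIST":
            continue
        name, size, rest = fields[1], int(fields[2]), fields[3:]
        if len(rest) % 2:
            raise ValueError("odd hash field count for %s" % name)
        entries[name] = (size, dict(zip(rest[0::2], rest[1::2])))
    return entries

def rejected_entries(old_text, new_text):
    """List (filename, missing hashes) for DIST entries that were added or changed
    but lack the required set. Unchanged old entries pass (assumed hook behaviour)."""
    old, new = parse_dist(old_text), parse_dist(new_text)
    bad = []
    for name, entry in sorted(new.items()):
        if old.get(name) == entry:
            continue  # unchanged entry keeps its old hash set
        missing = [h for h in REQUIRED if h not in entry[1]]
        if missing:
            bad.append((name, missing))
    return bad

def dist_line(name, data, hashes):
    """Build a DIST line for sample data (constructed input, not a real distfile)."""
    algo = {"BLAKE2B": hashlib.blake2b, "SHA512": hashlib.sha512,
            "SHA256": hashlib.sha256}
    parts = ["DIST", name, str(len(data))]
    for h in hashes:
        parts += [h, algo[h](data).hexdigest()]
    return " ".join(parts)

# Constructed sample: one untouched old entry, one correct new entry, and one new
# entry written without BLAKE2B (the failure mode the mail warns about).
OLD = dist_line("foo-1.0.tar.gz", b"foo-1.0", ["SHA256", "SHA512"])
NEW = "\n".join([OLD,
                 dist_line("foo-1.1.tar.gz", b"foo-1.1", ["BLAKE2B", "SHA512"]),
                 dist_line("foo-1.2.tar.gz", b"foo-1.2", ["SHA512"])])

if __name__ == "__main__":
    for name, missing in rejected_entries(OLD, NEW):
        print("reject %s: missing %s" % (name, ", ".join(missing)))
```

`hashlib.blake2b` is only available from Python 3.6, which is why the mail ties BLAKE2B support in older Portage to py3.6+ or the separate pyblake2 package.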