> On 6 Apr 2022, at 01:15, Jason A. Donenfeld <zx...@gentoo.org> wrote:
>
> Hi Sam,
>
> On Wed, Apr 6, 2022 at 2:02 AM Sam James <s...@gentoo.org> wrote:
>> This matches my views and recollection. We could revisit it
>> if there was a passionate advocate (which it looks like there may well be).
>>
>> While I wasn't against it before, I was sort of ambivalent given
>> we had no strong reason to, but I'm more willing now given
>> we're also cleaning out other Portage cruft at the same time.
>
> I think actually the argument I'm making this time might be subtly
> different from the motions that folks went through last year.
> Specifically, the idea last year was to switch to using BLAKE2b only.
> I think what the arguments I'm making now point to is switching to
> SHA2-512 only.
Oh, right. I see!

(Aside: I should've been clearer in my first email; what I meant was: I'm fine with revisiting this, but I remember us feeling kind of lacklustre because even the proposer (mgorny) ended up not having the oomph to push it through given (small) opposition. I don't recall who had the stiff opposition at the time, but I do recall it was only small, but nobody really felt like it was worth the hassle. The overall Council feeling was "meh" without some momentum.)

> There are two reasons for this.
>
> 1) Security: since the GPG signatures use SHA2-512, then the whole
> system breaks if SHA2-512 breaks. If we choose BLAKE2b as our only
> hash, then if either SHA2-512 or BLAKE2b break, then the system
> breaks. But if we choose SHA2-512 as our only hash, then we only need
> to worry about SHA2-512 breaking.
>
> 2) Comparability: other distros use SHA2-512, as well as various
> upstreams, which means we can compare our hashes to theirs easily.
>
> A reason why some people might prefer BLAKE2b over SHA2-512 is a
> performance improvement. However, seeing as right now we're opening
> the file, reading it, computing BLAKE2b, closing the file, opening the
> file again, reading it again, computing SHA2-512, closing the file, I
> don't think performance is actually something people care about. Seen
> differently, removing either one of them will already give us a
> performance "boost" of sorts.

I think this seems pretty reasonable and I don't have any objection to it. 2) is a nice point and it's something Robin raised last time around too.

> Jason

best,
sam
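To make the two points in the quoted message concrete, here is an added example (not Portage's own code, and not from either participant): it computes every digest listed for a Manifest entry in a single read of the file, so carrying two algorithms costs CPU only rather than a second open/read/close, and it verifies an entry by requiring the size and every listed digest to match. The `DIST <file> <size> <ALGO> <hex> ...` line layout, the helper names, and the sample distfile contents are assumptions constructed for the example.

```python
"""Single-pass multi-digest hashing for Manifest-style entries.

Added example, not Portage's own code. It assumes the line layout
`DIST <file> <size> <ALGO> <hex> [<ALGO> <hex> ...]` and writes a
constructed sample file; every name here is illustrative.
"""
import hashlib
import hmac
import os
import tempfile

CHUNK_SIZE = 1 << 20  # read 1 MiB at a time


def digests_single_pass(path, algorithms=("BLAKE2B", "SHA512")):
    """Return {ALGO: hexdigest} for `path`, reading the file exactly once.

    Every chunk is fed to every hasher, so a second algorithm adds CPU
    work only; the open/read/close happens once however many digests
    the entry carries.
    """
    hashers = {name: hashlib.new(name.lower()) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK_SIZE), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def parse_manifest_line(line):
    """Parse one entry into (type, filename, size, {ALGO: hex})."""
    fields = line.split()
    # type, filename, size, then one or more (ALGO, hex) pairs
    if len(fields) < 5 or len(fields) % 2 != 1:
        raise ValueError(f"malformed Manifest line: {line!r}")
    entry_type, filename, size = fields[0], fields[1], int(fields[2])
    pairs = fields[3:]
    digests = {pairs[i].upper(): pairs[i + 1].lower()
               for i in range(0, len(pairs), 2)}
    return entry_type, filename, size, digests


def verify_entry(path, line):
    """Check the size and every listed digest; return (ok, failures).

    All listed digests must match, so a modified file would have to
    collide every algorithm on the line; comparisons are constant-time.
    """
    _, _, size, expected = parse_manifest_line(line)
    failures = []
    if os.path.getsize(path) != size:
        failures.append("SIZE")
    actual = digests_single_pass(path, tuple(expected))
    for algo, want in expected.items():
        if not hmac.compare_digest(actual[algo], want):
            failures.append(algo)
    return (not failures, failures)


def build_sample(data=b"constructed sample distfile contents\n"):
    """Write constructed data to a temp file and build its Manifest line."""
    fd, path = tempfile.mkstemp(prefix="sample-1.0-", suffix=".tar.gz")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    d = digests_single_pass(path)
    line = (f"DIST {os.path.basename(path)} {len(data)} "
            f"BLAKE2B {d['BLAKE2B']} SHA512 {d['SHA512']}")
    return path, line


if __name__ == "__main__":
    sample_path, manifest_line = build_sample()
    print(manifest_line)
    print("intact:", verify_entry(sample_path, manifest_line))
    with open(sample_path, "ab") as fh:  # simulate a modified distfile
        fh.write(b"tampered")
    print("tampered:", verify_entry(sample_path, manifest_line))
    os.remove(sample_path)
```

Dropping an algorithm from the tuple passed to `digests_single_pass` removes only the per-chunk `update` call for it, which is the "boost of sorts" the message refers to once hashing is already done in one pass; the I/O cost is unchanged either way.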