On Wed, Apr 6, 2022 at 1:29 PM Jason A. Donenfeld <zx...@gentoo.org> wrote: > > Sort of. The security between infra and users relies on SHA2-512. The > security between devs and infra relies on SHA-1. I guess the "full > system" depends on both, but I've been focused on the more likely > issue of a community-run mirror serving bogus files.
Well, that depends on how you're syncing the tree. If you're using rsync then there is a signed manifest in the root, so I agree in that case it is just SHA2-512. If you're syncing using git then the manifests only reference distfiles, and the only link between the commit and the tree/objects are their SHA-1 hashes until git adopts a different hash function. > Yea I see this argument, but I don't quite buy it. Maintaining two > sets of hashes for the unlikely event that one gets broken AND we > absolutely cannot incrementally transition gradually to an unbroken > one seems rather overblown. It is very much a hand-waving judgement call. This is one of those low cost, low risk, high reward situations IMO. The cost of calculating hashes is fairly low (especially if done in a more sane way). The odds it will ever have a benefit are low. If it does have a benefit, it will be in a situation where the world is on fire and we'll be very happy to not have to go verify a gazillion distfiles on top of everything else we have to fix. I'll defer to those wiser than me to make the call. :) -- Rich
