Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Ulrich Mueller
> On Mon, 3 Apr 2017, Dirkjan Ochtman wrote: > This seems pretty hasty. > First of all, SHA-256 should be safe for all intents and purposes, > and for the foreseeable future. This is nothing like Git's usage of > SHA-1, which was known to be on the way to brokenville for a long > time. I don'

Re: [gentoo-dev] Review: xemacs-packages-r1.eclass

2017-04-03 Thread Michael Orlitzky
On 04/02/2017 05:05 AM, David Seifert wrote: [[ ${XEMACS_PKG_CAT} ]] || die "XEMACS_PKG_CAT was not defined before inheriting xemacs-packages-r1.eclass" case ${XEMACS_PKG_CAT} in standard|mule|contrib) ;; *) die "Unsupported package category in XE

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Hanno Böck
Hi, On Mon, 3 Apr 2017 22:00:15 +0200 Dirkjan Ochtman wrote: > First of all, SHA-256 should be safe for all intents and purposes, and > for the foreseeable future. This is nothing like Git's usage of SHA-1, > which was known to be on the way to brokenville for a long time. I > don't think there

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Dirkjan Ochtman
On Mon, Apr 3, 2017 at 7:09 PM, Michał Górny wrote: > Your thoughts? This seems pretty hasty. First of all, SHA-256 should be safe for all intents and purposes, and for the foreseeable future. This is nothing like Git's usage of SHA-1, which was known to be on the way to brokenville for a long t

[gentoo-dev] Tree signing and verification on the user side - status?

2017-04-03 Thread Andreas K. Huettel
Hey all, while we're discussing super-strength hash algos, it would be cool to know what's still missing for * rsync-side manifest signing in whatever way * verification of such signatures in portage / emerge This is the bigger problem (probably also requiring more work though)... Cheers, And

[gentoo-dev] Last rites: app-emulation/crossover-office-bin app-emulation/crossover-office-pro-bin

2017-04-03 Thread NP-Hardass
# NP-Hardass (03 Apr 2017) # Masked for removal in 30 days. Unable to generate new # hashes for the manifest, per Bug #612720, Bug #612718 # Upstream has also deprecated these in favor of # app-emulation/crossover-bin app-emulation/crossover-office-bin app-emulation/crossover-office-pro-bin -- N

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Michał Górny
On wto, 2017-04-04 at 00:32 +0700, Vadim A. Misbakh-Soloviov wrote: > Good idea, but all the time I read it from first mention until the end of > your > email, I asked myself: "Who the hell on the Earth need GOST-crypto crap in > portage?". > > The only purpose of these crypto algorithms is to u

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Robin H. Johnson
On Tue, Apr 04, 2017 at 12:49:16AM +0700, Vadim A. Misbakh-Soloviov wrote: > > What is the gain of using a secure hash > > algorithm in the manifests if you can simply replace the manifest with a > > MITM attack on the rsync update? > I'd say "the solution is to stop using rsync and use git" (there

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread David Seifert
On Mon, 2017-04-03 at 19:09 +0200, Michał Górny wrote: > Therefore, my proposal would be to use the following set once their > support reaches the stable version of Portage: > >   manifest-hashes = SHA512 SHA3-512 WHIRLPOOL > > > Your thoughts? > > > > [1]:https://bugs.gentoo.org/612716 > [2]

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Vadim A. Misbakh-Soloviov
> What is the gain of using a secure hash > algorithm in the manifests if you can simply replace the manifest with a > MITM attack on the rsync update? I'd say "the solution is to stop using rsync and use git" (there is git mirror with all the metadata), but... Git does not support (correct me, i

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Vadim A. Misbakh-Soloviov
Good idea, but all the time I read it from first mention until the end of your email, I asked myself: "Who the hell on the Earth need GOST-crypto crap in portage?". The only purpose of these crypto algorithms is to use them in Russian government-related structures (including schools, tho :-/ ) ju

Re: [gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Matthias Maier
> manifest-hashes = SHA512 SHA3-512 WHIRLPOOL > > Your thoughts? I just want to point out that according to GLEP 63 we only require pgp signatures with at least sha-256 [1]. Further, our PGP signatures by the release team are as well either SHA-256/SHA-512. So using SHA3-512 (or whirlpool for t

[gentoo-dev] [RFC] New Manifest hashes and how to enable them

2017-04-03 Thread Michał Górny
Hi, everyone. I'd like to open an early discussion and start planning transition to an updated set of Manifest hashes. Current state = The current hash set includes the three following hashes: - SHA256 (SHA2), - SHA512 (SHA2), - Whirlpool. Of these three hashes, SHA256 is considere

[gentoo-dev] Packages up for grasp

2017-04-03 Thread Amy Liffey
Hello, some packages for grasp who is interested: app-emulation/vpcs dev-python/aiohttp-cors dev-python/kiwisolver dev-python/python-zipstream dev-python/raven net-misc/gns3-converter net-misc/gns3-gui net-misc/gns3-server net-misc/leapcast Cheers, Amy Liffey