#5846: move away from md5 for look-aside cache
-------------------+-----------------------
Reporter: till | Owner: rel-eng@…
Type: task | Status: new
Milestone: | Component: other
Resolution: | Keywords:
Blocked By: | Blocking:
-------------------+-----------------------
Comment (by tmz):
It seems to me that the hash used can be determined by the length of the
hash string. Those are constant.
{{{
$ for hash in md5sum sha{1,256,512}sum; do len=$( $hash ~/.bashrc | awk
'{printf "%s", $1}' | wc -c ); printf "%-10s: %3s\n" $hash
$len; done
md5sum : 32
sha1sum : 40
sha256sum : 64
sha512sum : 128
}}}
It would even be possible to determine individually for different items in
a single source file and have the tools use the appropriate tool to verify
each item (though mixing them seems like it would be rather pointless ;).
But teaching the tools that verify sources to use the non-changing format
of the various hash algorithms would allow changes to be made to the hash
used to generate sources without requiring that every packager updated
fedpkg first, wouldn't it? Then, as soon as the builders were updated to
recognize a new hash algorithm, it could be used in a sources file.
(Apologies for chiming in without any code to show, I feel guilty about
that.)
--
Ticket URL: <
https://fedorahosted.org/rel-eng/ticket/5846#comment:8>
Fedora Release Engineering <
http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project