#5846: move away from md5 for look-aside cache

[Fedora Release Engineering]

#5846: move away from md5 for look-aside cache
-------------------+-----------------------
  Reporter:  till  |      Owner:  rel-eng@…
      Type:  task  |     Status:  new
 Milestone:        |  Component:  other
Resolution:        |   Keywords:
Blocked By:        |   Blocking:
-------------------+-----------------------

Comment (by tmz):

 It seems to me that the hash used can be determined by the length of the
 hash string.  Those are constant.

 {{{
 $ for hash in md5sum sha{1,256,512}sum; do len=$( $hash ~/.bashrc | awk
 '{printf "%s", $1}' | wc -c ); printf "%-10s: %3s\n" $hash $len; done
 md5sum    :  32
 sha1sum   :  40
 sha256sum :  64
 sha512sum : 128
 }}}

 It would even be possible to determine individually for different items in
 a single source file and have the tools use the appropriate tool to verify
 each item (though mixing them seems like it would be rather pointless ;).

 But teaching the tools that verify sources to use the non-changing format
 of the various hash algorithms would allow changes to be made to the hash
 used to generate sources without requiring that every packager updated
 fedpkg first, wouldn't it?  Then, as soon as the builders were updated to
 recognize a new hash algorithm, it could be used in a sources file.

 (Apologies for chiming in without any code to show, I feel guilty about
 that.)

-- 
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5846#comment:8>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project