#5846: move away from md5 for look-aside cache
Fedora Release Engineering
rel-eng at fedoraproject.org
Wed Feb 12 16:32:41 UTC 2014
#5846: move away from md5 for look-aside cache
-------------------+-----------------------
Reporter: till | Owner: rel-eng@…
Type: task | Status: new
Milestone: | Component: other
Resolution: | Keywords:
Blocked By: | Blocking:
-------------------+-----------------------
Comment (by tmz):
It seems to me that the hash used can be determined by the length of the
hash string. Those are constant.
{{{
$ for hash in md5sum sha{1,256,512}sum; do len=$( $hash ~/.bashrc | awk
'{printf "%s", $1}' | wc -c ); printf "%-10s: %3s\n" $hash $len; done
md5sum : 32
sha1sum : 40
sha256sum : 64
sha512sum : 128
}}}
It would even be possible to determine individually for different items in
a single source file and have the tools use the appropriate tool to verify
each item (though mixing them seems like it would be rather pointless ;).
But teaching the tools that verify sources to use the non-changing format
of the various hash algorithms would allow changes to be made to the hash
used to generate sources without requiring that every packager updated
fedpkg first, wouldn't it? Then, as soon as the builders were updated to
recognize a new hash algorithm, it could be used in a sources file.
(Apologies for chiming in without any code to show, I feel guilty about
that.)
--
Ticket URL: <https://fedorahosted.org/rel-eng/ticket/5846#comment:8>
Fedora Release Engineering <http://fedorahosted.org/rel-eng>
Release Engineering for the Fedora Project
More information about the rel-eng
mailing list