On Thu, 15 Dec 2005 22:47:21 -0500 Mike Frysinger <[EMAIL PROTECTED]> wrote:
> this months meeting wasnt too eventful, kind of quiet ... on the > agenda: > > - Marius: decision on multi-hash for Manifest1 > there was a bit of hearsay about why the council was asked to > review/decide on this issue since we werent able to locate any > portage devs at the time of the meeting ... Well, it would help if the actual meeting date would be announced and not pushed back without notice ;) > so our decision comes with a slight caveat. assuming the reasons > our input was asked for was summarized in the e-mail originally > sent by Marius [1], then we're for what we dubbed option (2.5.1). > that is, the portage team should go ahead with portage 2.0.54 and > include support for SHA256/RMD160 hashes on top of MD5 hashes. SHA1 > should not be included as having both SHA256/SHA1 is pointless. Ok, not a problem. > it was also noted that we should probably omit ChangeLog and > metadata.xml files from the current Manifest schema as digesting > them serves no real purpose. You're all aware that this would break <portage-2.0.51.20 (so any portage version older than 6 months)? Also while they don't affect the build process they contain important information and are/will be parsed by portage, so I'm not that comfortable with dropping also the option of verifying them permanently. One thing solar has pointed out is that in countries with stupid laws pycrypto violates some patents so currently we cannot ship it in stages or binary packages (so I'm told, I'm neither a lawyer nor someone who is affected by such laws). This is probably something releng and the python herd have to deal with. So right now I'll go ahead and add the pycrypto code to portage, but will not yet add the dep to any ebuild or change anything metadata.xml or ChangeLog related (according to Jason 2.0.54 is still away one or two weeks anyway). Marius -- Public Key at http://www.genone.de/info/gpg-key.pub In the beginning, there was nothing. And God said, 'Let there be Light.' And there was still nothing, but you could see a bit better.
signature.asc
Description: PGP signature