Am Montag, den 02.02.2009, 12:34 -0800 schrieb Zac Medico:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi,
>
> I'd like to add a new metadata cache value called DIGESTS which will
> contain a space separated list of digests which can be
> used to validate the metadata cache. Like INHERITED and
> DEFINED_PHASES [1], it will be automatically generated. The first
> digest in the list will correspond to the ebuild. If there are any
> inherited eclasses, the digests of those eclasses will follow in a
> space separated list, in the same order that they occur in the
> INHERITED variable. The value of the DIGESTS variable will be on
> line 18 of the metadata cache (just after DEFINED_PHASES).
>
> For the digest format, I suggest that we use the leftmost 10
> hexadecimal digits of the SHA-1 digest. The rationale for limiting
> it to 10 digits (out of 40) is to save space. Due to the avalanche
> effect [2], 10 digits should be sufficient to ensure that problems
> resulting from hash collisions are extremely unlikely.
I'd recommend to prefix the digest with a "{TYPE}" (like for hashed
passwords) to be able to change the digest algorithm as needed
(especially in regards to the current SHA successor competition).
This allows a future package manager which might use SHA-3 for hashing
(once it's released) to still check old digests. Furthermore it would
allow for easier transition and only needs a definition of allowed
hashes instead of a specific one.> > The primary reason to use a digest for cache validation instead of a > timestamp is that it allows the cache validation mechanism to work > even if the tree is distributed with a protocol that does not > preserve timestamps, such as git or subversion. This would make it Well, usually you don't keep intermediate or generated files in a VCS, so why the metadata? > possible to distribute metadata cache directly from git and > subversion repositories (among others). Since a digest is inherently > more expensive to obtain than a timestamp, package managers may use > the Manifest entries as a digest cache, in order to avoid the need > to compute digests of ebuilds during dependency calculations. > > Does the suggested approach seem reasonable? Would anybody like to > suggest any changes? Cheers, Tiziano -- ------------------------------------------------------- Tiziano Müller Gentoo Linux Developer, Council Member Areas of responsibility: Samba, PostgreSQL, CPP, Python, sysadmin E-Mail : [email protected] GnuPG FP : F327 283A E769 2E36 18D5 4DE2 1B05 6A63 AE9C 1E30
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
