-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tiziano Müller wrote:
> Am Samstag, den 07.02.2009, 15:23 -0800 schrieb Zac Medico:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Tiziano Müller wrote:
>>> Am Montag, den 02.02.2009, 12:34 -0800 schrieb Zac Medico:
>>>> For the digest format, I suggest that we use the leftmost 10
>>>> hexadecimal digits of the SHA-1 digest. The rationale for limiting
>>>> it to 10 digits (out of 40) is to save space. Due to the avalanche
>>>> effect [2], 10 digits should be sufficient to ensure that problems
>>>> resulting from hash collisions are extremely unlikely.
>>> I'd recommend to prefix the digest with a "{TYPE}" (like for hashed
>>> passwords) to be able to change the digest algorithm as needed
>>> (especially in regards to the current SHA successor competition).
>>> This allows a future package manager which might use SHA-3 for hashing
>>> (once it's released) to still check old digests. Furthermore it would
>>> allow for easier transition and only needs a definition of allowed
>>> hashes instead of a specific one.
>> I like that idea. That way it's not necessary to bump the EAPI in
>> order to change the hash function. So, a typical DIGESTS value might
>> look like this:
>>
>> SHA1 02021be38b a28b191904 3992945426 6ec21b29a3
>>
>>>> The primary reason to use a digest for cache validation instead of a
>>>> timestamp is that it allows the cache validation mechanism to work
>>>> even if the tree is distributed with a protocol that does not
>>>> preserve timestamps, such as git or subversion. This would make it
>>> Well, usually you don't keep intermediate or generated files in a VCS,
>>> so why the metadata?
>> People who distribute overlays commonly ask if it's possible to
>> distribute metadata cache with the overlay. Using a format that
>> doesn't rely on timestamps will allow them to distribute metadata
>> cache using their existing infrastructure, which is typically git or
>> subversion. In addition to overlays, it would also be useful for
>> forks of the entire gentoo tree, such as the funtoo tree [1].
>>
>> [1] http://github.com/funtoo/portage/tree/master
>
> Ok, after having the technical details discussed, I'd like to know which
> overlays or trees could really make use of it.
> Because small overlays surely won't generate the metadata because it is
> cumbersome to generate the metadata and isn't really a speed issue.
> Most larger overlays/repositories will probably be able to setup rsync
> or implement a procedure using cron+tarball.
> So, who exactly is asking about being able to distribute the metadata
> cache via a VCS?
All that I can say right now is that I recall questions about it in
the past from overlay maintainers (I don't have a list) and the
funtoo project is the only one which I can name offhand.
However, the ability to distribute cache via a vcs is only an
ancillary feature which is made possible by the DIGESTS data. The
DIGESTS data is useful regardless of the protocol that is used to
distribute the cache, since it allows the cache to be properly
validated for integrity. So, the real primary reason for introducing
the DIGESTS data is to provide a proper solution for cases like bug
#139134 [1] in which invalid metadata cache goes undetected.
[1] http://bugs.gentoo.org/show_bug.cgi?id=139134
- --
Thanks,
Zac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
iEYEARECAAYFAkmQijwACgkQ/ejvha5XGaM2gQCguhueRSzVSr6GlFpTW6uutJ9p
mAQAoJ5LOuU9kl8wXEF3qzF5XFa2LdmH
=DTgz
-----END PGP SIGNATURE-----
