Hi, I'd like to propose the following for portage:
- Only support one "secure" hash function (such as sha2, sha3, blake2, etc)
- Only generate and parse one hash function in Manifest files
- Remove support for multiple hash functions

In other words, what are we actually getting by having _both_ SHA2-512 and BLAKE2b for every file in every Manifest? It's not about file integrity, since certainly a single hash handles that use case fine. And it's not about security either, since for that we use gpg signatures, and gpg signatures are carried out over a _single_ hash of the plain text being hashed, so the security of the system reduces to breaking SHA2-512 anyway.

So, if it's not about file integrity and it's not about security, what is it about?

I don't really care which one we use, so long as it's not already broken or too obscure/new. So in other words, any one of SHA2-256, SHA2-512, SHA3, BLAKE2b, BLAKE2s would be fine with me. Can we just pick one and roll with it?

Jason

PS: there _is_ a good reason for recording the file size in Manifest files as we do now: it's quicker to compare sizes on large files than it is to read and hash the whole thing, so this gives us a "free" way of noticing quick corruption.