Danek Duvall wrote:
On Fri, May 01, 2009 at 10:06:43AM +0100, Darren J Moffat wrote:
SHA-1 is getting weaker, so we need to move IPS to SHA-256 as soon as
possible.
Other than changing the code is there something else that needs to be done
with the "RE" processes to make this happen ?
I'd like to try and do this as my first code contribution for IPS.
Use of SHA-256 is going to require moving to Python 2.6 (bug 5573).
I don't understand why. Especially since in the same file there is
already use of OpenSSL functions and OpenSSL provides SHA-256.
> It
also depends on nailing down the reorganization of the depot directory
layout and the client-side download cache layout (bugs 7276, 7960). So
it's a bit more than a couple lines of code.
Thats what I feared!
This is all stuff that we'd been planning on tackling for 2010.02, though I
think we could probably use your skills better figuring out all the details
of the manifest signing plan.
Given the above I think it is probably best to deal with this as part of
the move to signing and when that is done change the default to be sha256.
--
Darren J Moffat
_______________________________________________
pkg-discuss mailing list
[email protected]
http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
