On Thu, Jan 14, 2010 at 11:52:41AM +0000, Chris Gerhard wrote: > My concern as someone who works in support is that this will > generate fire drills and customer calls. The manual for pkg verify > should sing out that it does not do always use the sha1 to do a full > verification.
Sorry, but documenting internal algorithms isn't appropriate. We want to reserve the right to change our hash algorithms and message digests without breaking existing software. Pkg verify is what you should use to verify the integrity of files installed by the packaging system. If you choose not to use that tool, you're on your own. If you're worried about other software, I've already suggested we discuss a programmatic way for other software to plug into verify using the pkg API. -j _______________________________________________ pkg-discuss mailing list [email protected] http://mail.opensolaris.org/mailman/listinfo/pkg-discuss
