On 14/01/2010 20:45, Shawn Walker wrote:
On 01/14/10 02:40 PM, Chris Gerhard wrote:
On 14/01/2010 19:54, [email protected] wrote:
On Thu, Jan 14, 2010 at 11:52:41AM +0000, Chris Gerhard wrote:
My concern as someone who works in support is that this will
generate fire drills and customer calls. The manual for pkg verify
should sing out that it does not always use the sha1 to do a full
verification.

Sorry, but documenting internal algorithms isn't appropriate. We want
to reserve the right to change our hash algorithms and message digests
without breaking existing software. Pkg verify is what you should use
to verify the integrity of files installed by the packaging system. If
you choose not to use that tool, you're on your own.

And that is the problem. If you use anything else it will lead the user
down the path of believing there is a problem when there is not one.
That will result in customer dissatisfaction and calls. Unless we
clearly document this behaviour or fix it.

"fixing it" would imply it is broken, which it is not.

Never mind that some software won't be able to correctly compare files if
they use an algorithm which has been proven to have hash collisions (as
an example).

Sorry, but the existing behaviour is intentional, is not a bug, and is
currently a necessary part of the efficient update logic used by the
client.

I'm not suggesting that the behaviour was not intentional, or that it is a bug. It is suboptimal though and will lead to confusion and calls. If it can be changed so this does not happen that would be good.


I'm ok with adding a general explanation that the package system will
use its own methods for determining whether files should be updated, but
I agree with johansen that we will not document our exact internal
algorithms in end-user documentation.

That would work. An explanation that the pkg system's idea of the same file does not necessarily mean that the files are bit for bit the same.

However, having this resolved at the repository would seem to be a much better solution.


--
Sent from my OpenSolaris Laptop