[gentoo-dev] integrity of stage files

2011-10-08 Thread Paweł Hajdan, Jr.
I checked http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5 and the Handbook only mentions validating MD5 checksums. There are two possible issues: 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we be using something stronger? 2. I noticed the checksums

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Robin H. Johnson
On Sat, Oct 08, 2011 at 02:45:02PM -0700, Paweł Hajdan, Jr. wrote: I checked http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5 and the Handbook only mentions validating MD5 checksums. There are two possible issues: 1. Why are we using _only_ MD5 and SHA1 as the

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Paweł Hajdan, Jr.
On 10/8/11 3:43 PM, Robin H. Johnson wrote: 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we be using something stronger? Fixed in Catalyst now. http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=commit;h=42b4f6608682cf03954918ecce7923330a1656fe So when the

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Robin H. Johnson
On Sat, Oct 08, 2011 at 04:39:40PM -0700, Paweł Hajdan, Jr. wrote: On 10/8/11 3:43 PM, Robin H. Johnson wrote: 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we be using something stronger? Fixed in Catalyst now.

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Matt Turner
On Sat, Oct 8, 2011 at 6:43 PM, Robin H. Johnson robb...@gentoo.org wrote: On Sat, Oct 08, 2011 at 02:45:02PM -0700, Paweł Hajdan, Jr. wrote: I checked http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5 and the Handbook only mentions validating MD5 checksums. There are two

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Robin H. Johnson
On Sat, Oct 08, 2011 at 08:21:44PM -0400, Matt Turner wrote: On Sat, Oct 8, 2011 at 6:43 PM, Robin H. Johnson robb...@gentoo.org wrote: On Sat, Oct 08, 2011 at 02:45:02PM -0700, Paweł Hajdan, Jr. wrote: I checked http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=5 and the

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Paweł Hajdan, Jr.
On 10/8/11 5:01 PM, Robin H. Johnson wrote: Ah, I just forgot about that page. Okay, so can we also update the Handbook to include GPG signature checking? It DOES already mention checking the signature: http://www.gentoo.org/doc/en/handbook/handbook-x86.xml?part=1&chap=2#doc_chap3 That's good,

Re: [gentoo-dev] integrity of stage files

2011-10-08 Thread Alec Warner
On Sat, Oct 8, 2011 at 5:41 PM, Paweł Hajdan, Jr. phajdan...@gentoo.org wrote: On 10/8/11 5:01 PM, Robin H. Johnson wrote: Ah, I just forgot about that page. Okay, so can we also update the Handbook to include GPG signature checking? It DOES already mention checking the signature: