Hi Ulrich,
On 4/6/22, Ulrich Mueller wrote:
>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
>
>> I think actually the argument I'm making this time might be subtly
>> different from the motions that folks went through last year.
>> Specifically, the idea last year was to switch to using
> On Wed, 06 Apr 2022, Thomas Bracht Laumann Jespersen wrote:
> - find $d/doc -name \*.txt -type l | while read s; do
> - [[ $(readlink "$s") = $vimfiles/* ]] && rm -f "$s"
> + find ${d}/doc -name \*.txt -type l | while read s; do
> +
# David Seifert (2022-04-06)
# Unsupported branches, no consumers left, removal on 2023-01-01.
sys-devel/automake:1.13
sys-devel/automake:1.15
**NOTE**:
Slot 1.11 remains masked and will *not* be removed for the foreseeable
future, since developers may need it for de-ANSI-fication (ansi2knr)
Hi Rich,
On 4/6/22, Rich Freeman wrote:
> On Tue, Apr 5, 2022 at 8:05 PM Sam James wrote:
> Our security fails currently if EITHER SHA2-512 or a hardened version
> of SHA-1 are defeated. Our top gpg signature is bound to a git commit
> record by SHA2-512, and the git commit record is bound to
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
> So I'll spell out the different possibilities:
> 1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b.
> 1a) Possibility: SHA-512 is broken. Result: system broken.
> 1b) Possibility: BLAKE2b is broken. Result: nothing.
> 2) GPG uses
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
> Why? Then we're dependent on two things, either of which could break,
> rather than one.
See? If either of these should happen, then we'll be happy that we still
have both hashes in our Manifest files.
OTOH, if that argument is not relavant
On Wed, Apr 06, 2022 at 07:06:30PM +0200, Jason A. Donenfeld wrote:
> No, you're still missing the point.
>
> If SHA-512 breaks, the security of the system fails, regardless of
> what change we make. This is because GnuPG uses SHA-512 for its
> signatures.
Question directly for you Jason, because
Hi Ulrich,
On Wed, Apr 6, 2022 at 6:38 PM Ulrich Mueller wrote:
> > Why? Then we're dependent on two things, either of which could break,
> > rather than one.
>
> See? If either of these should happen, then we'll be happy that we still
> have both hashes in our Manifest files.
>
> OTOH, if that
On Wed, Apr 06, 2022 at 02:15:02AM +0200, Jason A. Donenfeld wrote:
> 2) Comparability: other distros use SHA2-512, as well as various
> upstreams, which means we can compare our hashes to theirs easily.
Can we expand on this specific thread for a moment?
I was the author of GLEP59 about changing
On Wed, Apr 6, 2022 at 1:29 PM Jason A. Donenfeld wrote:
>
> Sort of. The security between infra and users relies on SHA2-512. The
> security between devs and infra relies on SHA-1. I guess the "full
> system" depends on both, but I've been focused on the more likely
> issue of a community-run
Dear all
the following packages are up for grabs after dropping
desktop-misc:
x11-misc/xfe
https://packages.gentoo.org/packages/x11-misc/xfe
There is an open version bump request:
https://bugs.gentoo.org/836834
--
Best,
Jonas
# Matt Turner (2022-04-06)
# Dead package upstream. No reverse dependencies.
# Removal on 2022-05-06
dev-util/nemiver
signature.asc
Description: PGP signature
12 matches
Mail list logo