From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 19F321396D9 for ; Mon, 6 Nov 2017 16:58:34 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id C8AF8E0DF3; Mon, 6 Nov 2017 16:58:27 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 77889E0DD0 for ; Mon, 6 Nov 2017 16:58:27 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 95FF93416CC; Mon, 6 Nov 2017 16:58:24 +0000 (UTC) Message-ID: <1509987501.1382.11.camel@gentoo.org> Subject: Re: [gentoo-dev] Manifest2 hashes, take n+1-th From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Date: Mon, 06 Nov 2017 17:58:21 +0100 In-Reply-To: <1508440120.19870.14.camel@gentoo.org> References: <1508440120.19870.14.camel@gentoo.org> Organization: Gentoo Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: 6fa02c41-c4ec-4ffa-8d26-32ba5ce43c0b X-Archives-Hash: 682618f6d1cf4d63b30577cb1e9bd269 Hi, So here's my proposed plan, after considering all the replies. Immediately after accepting --------------------------- a. Revbump Portage to add pyblake2 dep (to ensure BLAKE2 is supported on py<3.6) and request stabilizing this version. b. Create a git update hook that rejects Manifest entries that contain SHA512 only, to prevent a bug in current versions of Portage, that causes it to skip BLAKE2 when no implementation is installed instead of complaining [optional]. Now, let T = day when the new version is stable on amd64. T + 7 days ---------- Set: manifest-hashes = BLAKE2B SHA512 manifest-required-hashes = SHA512 New Manifest entries will use the new hashes but Portage will keep the old hash set whenever it would need to refetch old distfiles. T + 3 months ------------ Set: manifest-required-hashes = BLAKE2B Portage will now request updating hashes for all files, including old distfiles. We will start proactively updating Manifests here, and file bugs for fetch-restricted packages. T + 6 months ------------ All Manifests should use the new hashes by this time. The remaining fetch-restricted packages should be last-rited. T + 36 months ------------- Set: manifest-hashes = BLAKE2B Remove SHA512 from all Manifests. -- Best regards, Michał Górny