From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id A118C1396D9 for ; Tue, 21 Nov 2017 18:21:36 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 07F05E0F38; Tue, 21 Nov 2017 18:21:32 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id B3644E0F19 for ; Tue, 21 Nov 2017 18:21:31 +0000 (UTC) Received: from pomiot (d202-252.icpnet.pl [109.173.202.252]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: mgorny) by smtp.gentoo.org (Postfix) with ESMTPSA id 394D6341687; Tue, 21 Nov 2017 18:21:30 +0000 (UTC) Message-ID: <1511288486.7406.0.camel@gentoo.org> Subject: Re: [gentoo-dev] manifest-hashes changing to 'BLAKE2B SHA512' on 2017-11-21 From: =?UTF-8?Q?Micha=C5=82_G=C3=B3rny?= To: gentoo-dev@lists.gentoo.org Date: Tue, 21 Nov 2017 19:21:26 +0100 In-Reply-To: <1510763324.1312.5.camel@gentoo.org> References: <1510763324.1312.5.camel@gentoo.org> Organization: Gentoo Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.24.5 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-Archives-Salt: bf2e6336-cb29-4783-904d-91b69ac321de X-Archives-Hash: 0d2c89b2bcc3d16329d8f6018de8cbe4 W dniu śro, 15.11.2017 o godzinie 17∶28 +0100, użytkownik Michał Górny napisał: > Hi, everyone. > > The Council has approved the manifest-hashes switch on 2017-11-12 > meeting [1]. The transition will occur to the initial plan, with small > changes. The updated plan is included at the end of this mail. > > According to this plan, BLAKE2B will be enabled on 2017-11-21. This > means that starting at this time, all new and updated DIST entries will > use BLAKE2B+SHA512. Old DIST entries will still use the current hash set > until updated. > > The developers are required to upgrade to a package manager supporting > this hash. That is: > > a. Portage 2.3.5 when using py3.6+, > > b. Portage 2.3.13 + pyblake2 installed manually, > > c. Portage 2.3.13-r1 that includes the pyblake2 dep. > > Modern (and old) Portage will refuse to update Manifests if it does not > support the necessary hashes. However, Portage versions between 2.3.5 > and 2.3.13 inclusively will create Manifests missing BLAKE2B hash rather > than failing when no hash provider is present. Those Manifests will be > rejected by the git hook. > > Users will not be affected noticeably as the SHA512 hash continues being > used for compatibility. > > > That said, I'd like to request developers not to start proactively > converting all old Manifest entries to the new set immediately, > and instead give some time for things to settle down. > > > > The updated plan > ================ > > Already done: > > - revbumped Portage with pyblake2 dep and started stabilizing it, > > - added git update hook to reject invalid Manifest entries. > > 2017-11-21 (T+7d): > > - manifest-hashes = BLAKE2B SHA512 FYI, this is now online. Please ping me if you have any issues. > > 2018-02-14 (T+3m): > > - manifest-required-hashes = BLAKE2B > > 2018-05-14 (T+6m): > > - last rite fetch-restricted packages that do not use BLAKE2B. > > The final removal of SHA512 will be decided by the Council separately. > > -- Best regards, Michał Górny