From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([69.77.167.62] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-dev+bounces-34208-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1LVwVn-0000Jj-GO
	for garchives@archives.gentoo.org; Sat, 07 Feb 2009 23:22:59 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 36A09E04D5;
	Sat,  7 Feb 2009 23:22:58 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	by pigeon.gentoo.org (Postfix) with ESMTP id 164FBE04D5
	for <gentoo-dev@lists.gentoo.org>; Sat,  7 Feb 2009 23:22:58 +0000 (UTC)
Received: from [192.168.22.10] (ip68-4-152-120.oc.oc.cox.net [68.4.152.120])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTP id 98DC4649C2
	for <gentoo-dev@lists.gentoo.org>; Sat,  7 Feb 2009 23:22:57 +0000 (UTC)
Message-ID: <498E17E6.8060407@gentoo.org>
Date: Sat, 07 Feb 2009 15:23:18 -0800
From: Zac Medico <zmedico@gentoo.org>
User-Agent: Thunderbird 2.0.0.19 (X11/20081209)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [RFC] DIGESTS metadata variable for cache validation
References: <498758E6.5080609@gentoo.org> <1234045916.24784.1373.camel@localhost>
In-Reply-To: <1234045916.24784.1373.camel@localhost>
X-Enigmail-Version: 0.95.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Archives-Salt: 5d17284b-a752-499c-abe4-1d7fba61ab43
X-Archives-Hash: 452c76b4fc8a2fed3023d2ffd5e49c9b

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Tiziano M=C3=BCller wrote:
> Am Montag, den 02.02.2009, 12:34 -0800 schrieb Zac Medico:
>> For the digest format, I suggest that we use the leftmost 10
>> hexadecimal digits of the SHA-1 digest. The rationale for limiting
>> it to 10 digits (out of 40) is to save space. Due to the avalanche
>> effect [2], 10 digits should be sufficient to ensure that problems
>> resulting from hash collisions are extremely unlikely.
> I'd recommend to prefix the digest with a "{TYPE}" (like for hashed
> passwords) to be able to change the digest algorithm as needed
> (especially in regards to the current SHA successor competition).
> This allows a future package manager which might use SHA-3 for hashing
> (once it's released) to still check old digests. Furthermore it would
> allow for easier transition and only needs a definition of allowed
> hashes instead of a specific one.

I like that idea. That way it's not necessary to bump the EAPI in
order to change the hash function. So, a typical DIGESTS value might
look like this:

SHA1 02021be38b a28b191904 3992945426 6ec21b29a3

>> The primary reason to use a digest for cache validation instead of a
>> timestamp is that it allows the cache validation mechanism to work
>> even if the tree is distributed with a protocol that does not
>> preserve timestamps, such as git or subversion. This would make it
> Well, usually you don't keep intermediate or generated files in a VCS,
> so why the metadata?

People who distribute overlays commonly ask if it's possible to
distribute metadata cache with the overlay. Using a format that
doesn't rely on timestamps will allow them to distribute metadata
cache using their existing infrastructure, which is typically git or
subversion. In addition to overlays, it would also be useful for
forks of the entire gentoo tree, such as the funtoo tree [1].

[1] http://github.com/funtoo/portage/tree/master
- --
Thanks,
Zac
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkmOF+UACgkQ/ejvha5XGaPSyQCg7kVF3S1z4G+7pXOrLBB1Pu77
Y5cAnj60bGSww8SLfcqhHmk1voKwm20+
=3DPmlJ
-----END PGP SIGNATURE-----