From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 644521396D9 for ; Wed, 15 Nov 2017 19:22:10 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 02CD3E0F2B; Wed, 15 Nov 2017 19:22:04 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 94840E0F26 for ; Wed, 15 Nov 2017 19:22:03 +0000 (UTC) Received: from [192.168.10.30] (ool-4573d90b.dyn.optonline.net [69.115.217.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: NP-Hardass) by smtp.gentoo.org (Postfix) with ESMTPSA id A96563402FE; Wed, 15 Nov 2017 19:22:02 +0000 (UTC) Subject: Re: [gentoo-dev] manifest-hashes changing to 'BLAKE2B SHA512' on 2017-11-21 To: gentoo-dev@lists.gentoo.org References: <1510763324.1312.5.camel@gentoo.org> Cc: R0b0t1 From: NP-Hardass Openpgp: id=862040BE422755F27FDE13D5671C52F118F89C67; url=https://sks-keyservers.net/pks/lookup?op=get&search=0x671C52F118F89C67 Message-ID: <75d4c538-3043-d98b-af6e-174552f2ff29@gentoo.org> Date: Wed, 15 Nov 2017 14:21:59 -0500 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.3.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="dqxQTrIGFTE3bN4Ev688oRVVgj3lCsUQq" X-Archives-Salt: 8fac7873-562f-4ffb-bb0b-a8bd99b091ab X-Archives-Hash: f6bd1a574ec6bd76549366ecdd1e2100 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --dqxQTrIGFTE3bN4Ev688oRVVgj3lCsUQq Content-Type: multipart/mixed; boundary="IMQ7jeHkAgpP1DijeFuiRPib6Unu1xDFM"; protected-headers="v1" From: NP-Hardass To: gentoo-dev@lists.gentoo.org Cc: R0b0t1 Message-ID: <75d4c538-3043-d98b-af6e-174552f2ff29@gentoo.org> Subject: Re: [gentoo-dev] manifest-hashes changing to 'BLAKE2B SHA512' on 2017-11-21 References: <1510763324.1312.5.camel@gentoo.org> In-Reply-To: --IMQ7jeHkAgpP1DijeFuiRPib6Unu1xDFM Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 11/15/2017 12:47 PM, R0b0t1 wrote: > On Wednesday, November 15, 2017, Micha=C5=82 G=C3=B3rny > wrote: >> Hi, everyone. >> >> The Council has approved the manifest-hashes switch on 2017-11-12 >> meeting [1]. The transition will occur to the initial plan, with small= >> changes. The updated plan is included at the end of this mail. >> >> According to this plan, BLAKE2B will be enabled on 2017-11-21. This >> means that starting at this time, all new and updated DIST entries wil= l >> use BLAKE2B+SHA512. Old DIST entries will still use the current hash s= et >> until updated. >> >> The developers are required to upgrade to a package manager supporting= >> this hash. That is: >> >> a. Portage 2.3.5 when using py3.6+, >> >> b. Portage 2.3.13 + pyblake2 installed manually, >> >> c. Portage 2.3.13-r1 that includes the pyblake2 dep. >> >> Modern (and old) Portage will refuse to update Manifests if it does no= t >> support the necessary hashes. However, Portage versions between 2.3.5 >> and 2.3.13 inclusively will create Manifests missing BLAKE2B hash rath= er >> than failing when no hash provider is present. Those Manifests will be= >> rejected by the git hook. >> >> Users will not be affected noticeably as the SHA512 hash continues bei= ng >> used for compatibility. >> >> >> That said, I'd like to request developers not to start proactively >> converting all old Manifest entries to the new set immediately, >> and instead give some time for things to settle down. >> >> >> >> The updated plan >> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >> >> Already done: >> >> - revbumped Portage with pyblake2 dep and started stabilizing it, >> >> - added git update hook to reject invalid Manifest entries. >> >> 2017-11-21 (T+7d): >> >> - manifest-hashes =3D BLAKE2B SHA512 >> >> 2018-02-14 (T+3m): >> >> - manifest-required-hashes =3D BLAKE2B >> >> 2018-05-14 (T+6m): >> >> - last rite fetch-restricted packages that do not use BLAKE2B. >> >> The final removal of SHA512 will be decided by the Council separately.= >> >=20 > Does the existence of a decision mean I would need to contact the > trustees if I feel the changes have not been adequately justified? >=20 > Respectfully, > =C2=A0 =C2=A0 R0b0t1 No, if you think there is an issue with the Council decision, you should speak with the Council. Moreover... The Council is responsible for technical decisions within Gentoo. Unless it violates the Social Contract, I cannot see how the Trustees should be involved here. They have empowered the Council to make technical decisions as they see fit. --=20 NP-Hardass --IMQ7jeHkAgpP1DijeFuiRPib6Unu1xDFM-- --dqxQTrIGFTE3bN4Ev688oRVVgj3lCsUQq Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEv526yLNI+t7RHfJZHNlBHbKvGPsFAloMk9cACgkQHNlBHbKv GPs38w/9HMg4pA4tjbHVZn0BzwHwGw492+oOKjQ/7/rvVzSJ2UaX5FXc2kqFDIVU 0t2BbBGfGT0F1hvue+UbGHyvWcuHoFapfFZaZa1+NxyEAAxZN/nA/LE13peMHA6h lJNABNwW418UVGAWWj0eSWeQLctfNKT9U2AIQ0mUYjtNKrQwjnoLRxSBhoPVkzE0 BgWKvrkq1W1H5BZNegCs55/X7AdrBzFSTf7er2KocP9tmO8t3qYDEotELFHxOBnl f5xcukUR3ON0CSzqPPgAaJrfHMHa94uO8LH6L5jBzz8V9gTHBWEy9Q45GNPf1ucU +LQyokeYO+5dchlLmtz4h2ilt5HWpWXKNE0xaEn2cpa5wIHcUo2khD4DX4hCja/G h3yyVTATbUX4jH/jcZ2NzqPGK8TxisaV1I0s8yWaYABp3LbaDExfY5vAbJzwVcqb DmjwZiaCZLG42EQzObr8EKz05eolaP3fr5ZeQaBKH/eUYBgVKfdI2cQ1/NDC/KLt DM/BJLzWXR0h4eqWC9LejWJMZ2Ob4Xt/lZDun8pAg2qGMYebX7+THfkTSAlDPB6h vf1rMNkHIp+f+PJYpakXKHSozcMXoizI+unwWjA3hF6HwQQKTxe37/mCS3RByOrz Q8V2yhQinB2QCXk2hsM3ahlKMsUR3a4dbGZv/4vasxPvOZ2CGVk= =YNff -----END PGP SIGNATURE----- --dqxQTrIGFTE3bN4Ev688oRVVgj3lCsUQq--