From: R0b0t1
Date: Wed, 15 Nov 2017 11:47:41 -0600
Subject: Re: [gentoo-dev] manifest-hashes changing to 'BLAKE2B SHA512' on 2017-11-21
To: "gentoo-dev@lists.gentoo.org"
Cc: gentoo-dev-announce
In-Reply-To: <1510763324.1312.5.camel@gentoo.org>
References: <1510763324.1312.5.camel@gentoo.org>
List-Id: Gentoo Linux mail

On Wednesday, November 15, 2017, Michał Górny <mgorny@gentoo.org> wrote:
> Hi, everyone.
>
> The Council has approved the manifest-hashes switch on 2017-11-12
> meeting [1]. The transition will occur to the initial plan, with small
> changes. The updated plan is included at the end of this mail.
>
> According to this plan, BLAKE2B will be enabled on 2017-11-21. This
> means that starting at this time, all new and updated DIST entries will
> use BLAKE2B+SHA512. Old DIST entries will still use the current hash set
> until updated.
>
> The developers are required to upgrade to a package manager supporting
> this hash. That is:
>
> a. Portage 2.3.5 when using py3.6+,
>
> b. Portage 2.3.13 + pyblake2 installed manually,
>
> c. Portage 2.3.13-r1 that includes the pyblake2 dep.
>
> Modern (and old) Portage will refuse to update Manifests if it does not
> support the necessary hashes. However, Portage versions between 2.3.5
> and 2.3.13 inclusively will create Manifests missing BLAKE2B hash rather
> than failing when no hash provider is present. Those Manifests will be
> rejected by the git hook.
>
> Users will not be affected noticeably as the SHA512 hash continues being
> used for compatibility.
>
>
> That said, I'd like to request developers not to start proactively
> converting all old Manifest entries to the new set immediately,
> and instead give some time for things to settle down.
>
>
>
> The updated plan
> ================
>
> Already done:
>
> - revbumped Portage with pyblake2 dep and started stabilizing it,
>
> - added git update hook to reject invalid Manifest entries.
>
> 2017-11-21 (T+7d):
>
> - manifest-hashes = BLAKE2B SHA512
>
> 2018-02-14 (T+3m):
>
> - manifest-required-hashes = BLAKE2B
>
> 2018-05-14 (T+6m):
>
> - last rite fetch-restricted packages that do not use BLAKE2B.
>
> The final removal of SHA512 will be decided by the Council separately.
>

Does the existence of a decision mean I would need to contact the trustees if I feel the changes have not been adequately justified?

Respectfully,
    R0b0t1
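
Added example, not part of the original mail and not the actual Gentoo git hook or Portage code: a sketch of the check the quoted announcement describes, flagging new or updated DIST entries that lack BLAKE2B under manifest-hashes = BLAKE2B SHA512, and verifying a distfile against its entry. It assumes the Manifest line layout "DIST <file> <size> <HASH> <hex> ..."; the function names, file name and sample data are constructed for illustration.

```python
import hashlib

# Policy from the quoted plan: manifest-hashes = BLAKE2B SHA512
MANIFEST_HASHES = ("BLAKE2B", "SHA512")
# Manifest hash name -> hashlib algorithm (blake2b is in hashlib from Python 3.6)
HASHLIB_NAMES = {"BLAKE2B": "blake2b", "SHA512": "sha512"}


def make_dist_entry(filename, data, hashes=MANIFEST_HASHES):
    """Build a 'DIST <file> <size> <HASH> <hex> ...' Manifest line."""
    parts = ["DIST", filename, str(len(data))]
    for name in hashes:
        parts += [name, hashlib.new(HASHLIB_NAMES[name], data).hexdigest()]
    return " ".join(parts)


def parse_dist_entry(line):
    """Split a DIST line into (filename, size, {hash name: hex digest})."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "DIST" or len(fields) % 2 == 0:
        raise ValueError("malformed DIST entry: %r" % line)
    return fields[1], int(fields[2]), dict(zip(fields[3::2], fields[4::2]))


def check_entry(line, required=MANIFEST_HASHES):
    """Return the policy problems for a new or updated DIST entry."""
    filename, _size, hashes = parse_dist_entry(line)
    return ["%s: missing %s" % (filename, name)
            for name in required if name not in hashes]


def verify_distfile(line, data):
    """Check size and every digest we can compute; unknown hash names are skipped."""
    _filename, size, hashes = parse_dist_entry(line)
    if size != len(data):
        return False
    return all(hashlib.new(HASHLIB_NAMES[name], data).hexdigest() == value
               for name, value in hashes.items() if name in HASHLIB_NAMES)


# Constructed sample distfile contents and entries (not real Gentoo data).
SAMPLE = b"constructed distfile contents\n"
GOOD = make_dist_entry("example-1.0.tar.gz", SAMPLE)
# What a package manager without a BLAKE2B provider would write, per the mail.
BAD = make_dist_entry("example-1.0.tar.gz", SAMPLE, hashes=("SHA512",))

if __name__ == "__main__":
    print(check_entry(GOOD), check_entry(BAD), verify_distfile(GOOD, SAMPLE))
```

Entries written before the switch keep their old hash set until updated, so a check like this would apply only to entries touched by a commit.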