From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RChA6-00086g-I7 for garchives@archives.gentoo.org; Sun, 09 Oct 2011 00:22:38 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7CFB621C2D4; Sun, 9 Oct 2011 00:22:30 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) by pigeon.gentoo.org (Postfix) with ESMTP id 8D6B121C2CB for ; Sun, 9 Oct 2011 00:22:06 +0000 (UTC) Received: from mail-vw0-f53.google.com (mail-vw0-f53.google.com [209.85.212.53]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: mattst88) by smtp.gentoo.org (Postfix) with ESMTPSA id F0E181B4001 for ; Sun, 9 Oct 2011 00:22:05 +0000 (UTC) Received: by vws19 with SMTP id 19so6626461vws.40 for ; Sat, 08 Oct 2011 17:22:04 -0700 (PDT) Received: by 10.52.73.7 with SMTP id h7mr8195268vdv.105.1318119724086; Sat, 08 Oct 2011 17:22:04 -0700 (PDT) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Received: by 10.52.188.136 with HTTP; Sat, 8 Oct 2011 17:21:44 -0700 (PDT) In-Reply-To: References: <4E90C45E.7020203@gentoo.org> From: Matt Turner Date: Sat, 8 Oct 2011 20:21:44 -0400 Message-ID: Subject: Re: [gentoo-dev] integrity of stage files To: gentoo-dev@lists.gentoo.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Archives-Salt: X-Archives-Hash: 60f63e0e6456bab88373efb781449027 On Sat, Oct 8, 2011 at 6:43 PM, Robin H. Johnson wrote= : > On Sat, Oct 08, 2011 at 02:45:02PM -0700, "Pawe=C5=82 Hajdan, Jr." wrote: >> I checked >> >> and the Handbook only mentions validating MD5 checksums. >> >> There are two possible issues: >> >> 1. Why are we using _only_ MD5 and SHA1 as the checksums? Shouldn't we >> be using something stronger? > Fixed in Catalyst now. > http://git.overlays.gentoo.org/gitweb/?p=3Dproj/catalyst.git;a=3Dcommit;h= =3D42b4f6608682cf03954918ecce7923330a1656fe > So when the stagebuilders update their Catalyst, they will be generated > with newer hashes. Well, almost. The changes you made are in the master branch (for catalyst-3), but since catalyst-3 isn't really going anywhere fast, you should cherry-pick your patches back to the catalyst_2 branch so they'll be available in the next 2.0.6.919 release. Matt