Hi All,

I'd like to get some thoughts on a proposal to address 5265. Based on
some earlier feedback I've received from Dave and Karen, I'm proposing
to address 5265 thusly:

Create two new keys in the DC manifest called checksum_iso and
checksum_usb. They will specify one value, true or false. Then I will
modify the create_iso and create_usb finalizer scripts to check for
these values and compute checksums (for any values of true) for the
images using a pre-defined set of checksum algorithms (at the moment I
think MD5, SHA-1 and SHA-256 are probably more than sufficient). This
gets us a range of image hashes with varying levels of security.

My original thought was to create keys in the DC manifest so that the
user could specify checksum types to generate for various media that a
new finalizer step would process. So something like:

    <iso_checksums>
      <cksum type="md5"/>
    </iso_checksums>
    <usb_checksums>
      <cksum type="md5"/>
      <cksum type="sha1"/>
    </usb_checksums>

However, while this approach is more flexible in terms of being able to
specify which checksum types you want to create as well as creating a
new step in the finalizer that can be resumed/paused, I'm not sure that
it's worth the added complexity at this time. I see a pretty strong
link between creating the images (create_iso/create_usb) and generating
checksums for those images (in my mind at least). Separating those
steps at further glance doesn't seem to buy us all that much. And
generating a default set of image hashes as I propose covers all but the
most paranoid of security types in terms of hash vulnerability.

If there was real interest for the additional flexibility that being
able to specify hash types for each image DC can construct or for being
able to pause/resume creating hashes then we could revisit this and
implement something more intricate.

So, thoughts?

Thanks!
--
Glenn
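
The simpler proposal above (a true/false key per image type and a fixed set of MD5, SHA-1 and SHA-256), sketched as an added example that is not part of the original message and is not Distribution Constructor code. The manifest fragment layout, the function names and the output file naming are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import xml.etree.ElementTree as ET

# Fixed algorithm set named in the proposal.
ALGORITHMS = ("md5", "sha1", "sha256")

def checksum_enabled(manifest_xml, key):
    """True only if <key> exists and its text is 'true' (layout is assumed)."""
    node = ET.fromstring(manifest_xml).find(".//" + key)
    return node is not None and (node.text or "").strip().lower() == "true"

def image_checksums(path, chunk_size=1 << 20):
    """Read the image once and feed every digest from the same chunks."""
    digests = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as image:
        for chunk in iter(lambda: image.read(chunk_size), b""):
            for digest in digests.values():
                digest.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}

def finalize_checksums(manifest_xml, key, image_path):
    """If key is true, write <image>.<alg> files as 'digest  filename'."""
    if not checksum_enabled(manifest_xml, key):
        return {}
    sums = image_checksums(image_path)
    for name, digest in sums.items():
        with open(image_path + "." + name, "w") as out:
            out.write("%s  %s\n" % (digest, os.path.basename(image_path)))
    return sums

def demo():
    # Constructed manifest fragment and constructed image contents.
    manifest = ("<manifest><checksum_iso>true</checksum_iso>"
                "<checksum_usb>false</checksum_usb></manifest>")
    with tempfile.TemporaryDirectory() as tmp:
        iso = os.path.join(tmp, "sample.iso")
        with open(iso, "wb") as f:
            f.write(b"abc")
        return (finalize_checksums(manifest, "checksum_iso", iso),
                finalize_checksums(manifest, "checksum_usb", iso),
                sorted(os.listdir(tmp)))

if __name__ == "__main__":
    print(demo())
```

Reading the image once and updating all three digests from the same chunk keeps the added cost of the extra algorithms to CPU time only, which matters for multi-gigabyte ISO and USB images.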