On 24/1/20 12:37 pm, Eli Schwartz wrote:
> On 1/22/20 9:18 PM, Allan McRae wrote:
>> Checksums arrays should be filled with values provided by upstream. We
>> currently have md5 set as an unsecure default, and are constantly asked to
>> change it to sha2. However, just changing the default to a
On 1/23/20 8:06 PM, Charles Duffy wrote:
> A potentially unforeseen consequence:
>
> At present, it is possible (albeit with use of tools that aren't as of
> present date publicly released, something I hope to change in the future)
> to use the Nix build system to build Arch packages (with some
On 1/22/20 9:18 PM, Allan McRae wrote:
> Checksums arrays should be filled with values provided by upstream. We
> currently have md5 set as an unsecure default, and are constantly asked to
> change it to sha2. However, just changing the default to a stronger checksum
> gives the user the
On 23/1/20 4:38 pm, morganamilo wrote:
> It looks like this function has never actually worked. The current list
> is never set to NULL after being freed. So the new deps were just
> appended to the already freed list, leading to a segfault.
Good spotting. Patch is good.
A
On 24/1/20 11:06 am, Charles Duffy wrote:
> Thus, moving to cksum -- quite aside from other concerns, which have been
> argued outside this thread -- would encourage an increased proportion of
> Arch packages not be buildable by Nix.
If an Arch packager relies on a CRC in their PKGBUILD, then we
A potentially unforeseen consequence:
At present, it is possible (albeit with use of tools that aren't as of
present date publicly released, something I hope to change in the future)
to use the Nix build system to build Arch packages (with some caveats, but
generally manageable ones for folks who
On January 23, 2020 11:59, Eli Schwartz wrote:
Then I'm sure you'll be delighted to know that the last time this
discussion was brought up (a couple years ago?) Allan said he wanted to
add "cksum" support and switch to that for a default. Rationale: both
md5sum and cksum are already
On 1/23/20 8:32 AM, Giancarlo Razzolini wrote:
> On January 22, 2020 23:30, Eli Schwartz wrote:
>> So ultimately that is what this discussion will always devolve to:
>>
>> - Do we want to ensure TOFU?
>
> Yes.
>
>> - Do we want to give PKGBUILDs the default black mark "uses md5sums
>>
On January 22, 2020 23:30, Eli Schwartz wrote:
> So ultimately that is what this discussion will always devolve to:
>
> - Do we want to ensure TOFU?
Yes.
> - Do we want to give PKGBUILDs the default black mark "uses md5sums
> because maintainer doesn't care about researching sources"?
No.