Re: [pacman-dev] [PATCH 2/2] makepkg: add CRC checksums and set these to be the default

2020-01-23 Thread Allan McRae
On 24/1/20 12:37 pm, Eli Schwartz wrote: > On 1/22/20 9:18 PM, Allan McRae wrote: >> Checksums arrays should be filled with values provided by upstream. We >> currently have md5 set as an unsecure default, and are constantly asked to >> change it to sha2. However, just changing the default to a

Re: [pacman-dev] [PATCH 2/2] makepkg: add CRC checksums and set these to be the default

2020-01-23 Thread Eli Schwartz
On 1/23/20 8:06 PM, Charles Duffy wrote: > A potentially unforeseen consequence: > > At present, it is possible (albeit with use of tools that aren't as of > present date publicly released, something I hope to change in the future) > to use the Nix build system to build Arch packages (with some

Re: [pacman-dev] [PATCH 2/2] makepkg: add CRC checksums and set these to be the default

2020-01-23 Thread Eli Schwartz
On 1/22/20 9:18 PM, Allan McRae wrote: > Checksums arrays should be filled with values provided by upstream. We > currently have md5 set as an unsecure default, and are constantly asked to > change it to sha2. However, just changing the default to a stronger checksum > gives the user the

Re: [pacman-dev] [PATCH] libalpm: fix alpm_option_set_assumeinstalled

2020-01-23 Thread Allan McRae
On 23/1/20 4:38 pm, morganamilo wrote: > It looks like this function has never actually worked. The current list > is never set to NULL after being freed. So the new deps were just > appended to the already freed list, leading to a segfault. Good spotting. Patch is good. A

Re: [pacman-dev] [PATCH 2/2] makepkg: add CRC checksums and set these to be the default

2020-01-23 Thread Allan McRae
On 24/1/20 11:06 am, Charles Duffy wrote: > Thus, moving to cksum -- quite aside from other concerns, which have been > argued outside this thread -- would encourage an increased proportion of > Arch packages not be buildable by Nix. If an Arch packager relies on a CRC in their PKGBUILD, then we

Re: [pacman-dev] [PATCH 2/2] makepkg: add CRC checksums and set these to be the default

2020-01-23 Thread Charles Duffy
A potentially unforeseen consequence: At present, it is possible (albeit with use of tools that aren't as of present date publicly released, something I hope to change in the future) to use the Nix build system to build Arch packages (with some caveats, but generally manageable ones for folks who

Re: [pacman-dev] [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs

2020-01-23 Thread Giancarlo Razzolini
On January 23, 2020 11:59, Eli Schwartz wrote: Then I'm sure you'll be delighted to know that the last time this discussion was brought up (a couple years ago?) Allan said he wanted to add "cksum" support and switch to that for a default. Rationale: both md5sum and cksum are already

Re: [pacman-dev] [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs

2020-01-23 Thread Eli Schwartz
On 1/23/20 8:32 AM, Giancarlo Razzolini wrote: > On January 22, 2020 23:30, Eli Schwartz wrote: >> So ultimately that is what this discussion will always devolve to: >> >> - Do we want to ensure TOFU? > > Yes. > >> - Do we want to give PKGBUILDs the default black mark "uses md5sums >>

Re: [pacman-dev] [PATCH] Replace MD5 with SHA-256 as a default file integrity check in PKGBUILDs

2020-01-23 Thread Giancarlo Razzolini
On January 22, 2020 23:30, Eli Schwartz wrote: So ultimately that is what this discussion will always devolve to: - Do we want to ensure TOFU? Yes. - Do we want to give PKGBUILDs the default black mark "uses md5sums because maintainer doesn't care about researching sources"? No.