From: Gustavo Zacarias <gustavo@zacarias.com.ar>
To: buildroot@busybox.net
Subject: [Buildroot] [PATCH] ser2net: Add a hash file
Date: Wed, 08 Oct 2014 08:35:02 -0300 [thread overview]
Message-ID: <54352166.5050500@zacarias.com.ar> (raw)
In-Reply-To: <54351F42.2090800@imgtec.com>
On 10/08/2014 08:25 AM, Markos Chandras wrote:
> Sure. But this probably is not a strong argument because for all I know
> they may find sha256 broken tomorrow morning and you have to update all
> the buildroot packages using that hash to verify the tarball. If you
> think something is "not strong enough" then don't use it :)
> Perhaps it's best if buildroot supported the two strongest algorithms
> and request that information for every package? I really see no point
> supporting eg md5 since we know it's weak. Anyway, that's my personal
> opinion, I just feel there is no clear "rule" here so developers are
> free to use whatever they want which may not always be acceptable by the
> maintainers :)
Those last lines ^^^ :)
If upstream maintainers ship with md5 there's not much we can do about it.
In the end we do hashes for integrity above everything else and we don't
want to get in the way of new/bumped packages hence hashes aren't
mandatory for now (it would be good to have them all though).
Regards.
PS: and to detect sucky upstream that switches tarballs without bumping
versions to cover their lower heads.
next prev parent reply other threads:[~2014-10-08 11:35 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-10-07 14:30 [Buildroot] [PATCH] ser2net: Fix compilation failures due to missing TIOCSRS485 macro Vicente Olivert Riera
2014-10-07 14:30 ` [Buildroot] [PATCH] ser2net: Add a hash file Vicente Olivert Riera
2014-10-07 17:23 ` Thomas Petazzoni
2014-10-08 8:57 ` Vicente Olivert Riera
2014-10-08 9:20 ` Thomas Petazzoni
2014-10-08 9:25 ` Vicente Olivert Riera
2014-10-08 9:37 ` Markos Chandras
2014-10-08 9:41 ` Vicente Olivert Riera
2014-10-08 10:04 ` Peter Korsgaard
2014-10-08 10:11 ` Gustavo Zacarias
2014-10-08 10:18 ` Markos Chandras
2014-10-08 10:43 ` Gustavo Zacarias
2014-10-08 11:25 ` Markos Chandras
2014-10-08 11:35 ` Gustavo Zacarias [this message]
2014-10-29 21:58 ` Thomas Petazzoni
2014-10-07 14:33 ` [Buildroot] [PATCH] ser2net: Fix compilation failures due to missing TIOCSRS485 macro Yegor Yefremov
2014-10-07 17:28 ` Thomas Petazzoni
2014-10-07 19:34 ` Yegor Yefremov
2014-10-07 20:15 ` Peter Korsgaard
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=54352166.5050500@zacarias.com.ar \
--to=gustavo@zacarias.com.ar \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox