[pkg-discuss] Re: Updated sha-2 webrev
- From: Danek Duvall <
- Subject: [pkg-discuss] Re: Updated sha-2 webrev
- Date: Tue, 1 Oct 2013 16:03:08 -0700
Tim Foster wrote:
> * tests that non-debug pkg(1) (ie. SHA-1 and SHA-2 aware) can install
> future packages that may only contain SHA-2 hashes
What happens with the client as you have it if it sees a package that only
contains "sha512" hashes? Do we do something sane, or do we keel over?
Does that require any catalog code to support?
> * "pkg.elf.sha256" is now the attribute name for SHA-2 elfhashes
So Tim and I had a quick discussion on IRC, wherein:
- I said I didn't like "pkg.<type>.<hashname>" because of potential (if
unlikely) conflicts between <type> and some other real word we'd want
to use in that position, hence I would want to give the file type its
own namespace: pkg.filetype=<type>;
- I suggested pkg.content-hash.<hashname>;
- We agreed that having the filetype in the action metadata was very
useful, and possibly necessary;
- I stated that having "elfbits" and "elfarch" were basically useless,
"because it's there" attributes, could be dropped, and would make up
for extending the length of "elfhash" to "pkg.content-hash.sha256";
- Tim, through his tears of frustration, agreed to do the work.
Tim, is that about right?