[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netbsd-tech-security
Subject:    Re: Using multiple digest algorithms in pkgsrc
From:       Juan RP <juan () xtraeme ! nopcode ! org>
Date:       2005-02-16 14:55:02
Message-ID: 20050216155502.50d7b73e.juan () xtraeme ! nopcode ! org
[Download RAW message or body]

On Wed, 16 Feb 2005 14:06:55 +0000
Alistair Crooks <agc@pkgsrc.org> wrote:

> Following on from
> 
> 	http://www.schneier.com/blog/archives/2005/02/sha1_broken.html
> 
> I've made some modifications to bsd.pkg.mk so that a number of digest
> algorithms can be specified for dist files and dist patches.  I have
> kept the digests of our included patch files to be simply sha1 for
> just now, since they are really meant to indicate whether a file has
> changed, and are not used to guarantee file integrity - in short, if
> someone can modify the patch file, they can modify the distinfo file
> holding its information.
> 
> I have extended the DIGEST_ALGORITHM definition (which is set by ?=
> in bsd.pkg.mk) to be a whitespace-separated list of algorithms which
> are used in "makedistinfo" to generate the distinfo files.

Really cool!
[prev in list] [next in list] [prev in thread] [next in thread]