[prev in list] [next in list] [prev in thread] [next in thread] 

List:       rpm-devel
Subject:    GUPPI: Adding digest parameters for PKGID and HDRID?
From:       Jeff Johnson <n3npq () mac ! com>
Date:       2009-01-17 16:18:59
Message-ID: C0C4704C-7B3D-4F80-959D-57BA188D93C9 () mac ! com
[Download RAW message or body]

I've been told that Fedora 11 is headed towards LZMA and SHA256 for  
file digests.

SuSE (and other distros) are already using LZMA, and will likely  
switch to
something other than MD5 for file digests as well.

With that amount of rock-n-roll pending, it may be time to parameterize
the digest used on header+payload plaintext (aka PKGID) and header-only
plaintext (aka HDRID) to be similar to what is being done with files  
(aka FILEID).

At the same time, there's an additional change to move RPMSIGTAG_MD5  
(and perhaps RPMSIGTAG_SIZE)
into the "immutable header region" (i.e. the HDRID plaintext) that  
will help
ensure that PKGID's are digitally protected by the header-only signature
that should likely be undertaken at the same time.

The original proposal was here:
	https://lists.dulug.duke.edu/pipermail/rpm-devel/2007-May/002677.html

The work wasn't attempted then because changing the plaintext  
definition underneath
a digital signature is a hugely complex affair, "compatibility" is  
meaningless
when the plaintext definition used by digests/signatures changes.

But if *.rpm packaging is changing to generalize FILEID digests, then  
its time
to consider whether PKGID and HDRID should be parameterized too imho.

Opinions?

73 de Jeff
______________________________________________________________________
RPM Package Manager                                    http://rpm5.org
Developer Communication List                        rpm-devel@rpm5.org
[prev in list] [next in list] [prev in thread] [next in thread]