blob: 39980d0dd0b1ecdfc4be3b95f198ad1e1d6a0a8a (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
\summary{2005}{12}{15}
Agenda call: \agoref{gentoo-dev}{0b0ae67d6fa6c4d0363f28a68d0ffc0b}
\agendaitem{Decision on multi-hash for Manifest1}
\index{multi-hash}\index{Manifest}\index{hash!SHA256}\index{hash!SHA1}
\index{hash!RMD160}\index{hash!MD5}\index{ChangeLog}\index{metadata.xml}
\index{Manifest!format 1}
Reference: http://article.gmane.org/gmane.linux.gentoo.devel/33434%
\footnote{Likely \agoref{gentoo-dev}{f97ff5732872ffe44ef05627b7a19cc1}}
There was a bit of hearsay about why the council was asked to review / decide
on this issue since we were not able to locate any portage developers at the
time of the meeting... so our decision comes with a slight caveat. Assuming
the reasons our input was asked for was summarized in the e-mail originally
sent by \dev{genone}, then we're for what we dubbed option (2.5.1). That is,
the portage team should go ahead with portage 2.0.54 and include support for
SHA256 / RMD160 hashes on top of MD5 hashes. SHA1 should not be included as
having both SHA256 / SHA1 is pointless. further more, we hope this is just a
hold over until Manifest2 is ironed out / approved / implemented / deployed.
It was also noted that we should probably omit ChangeLog and metadata.xml files
from the current Manifest schema as digesting them serves no real purpose.
\agendaitem{Portage signing}
\index{portage signing}\index{Manifest!signing}
Shortly after our November meeting, a nice summary\footnote{Likely
\agoref{gentoo-portage-dev}{1ffa48adfce79105cca532c00533c298}} was posted
by \dev{robbat2} that covered signing issues from top to bottom. As such, it
was felt that trying to throw together a GLEP would not be beneficial. Instead
we will be adding a constant agenda item to future council meetings as to the
status of portage signing issues to keep the project from slipping into
obscurity again.
|