Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not use sha1 #1148

Open
ehmry opened this issue Sep 29, 2023 · 4 comments
Open

Do not use sha1 #1148

ehmry opened this issue Sep 29, 2023 · 4 comments

Comments

@ehmry
Copy link

ehmry commented Sep 29, 2023

SHA1 is broken. Many things are broken in Nimble but this is easy to fix.
@xTrayambak
Copy link
Contributor

@Araq What should be done about this?

@Araq
Copy link
Member

Araq commented Oct 23, 2023

Use a better checksum algorithm?

@xTrayambak
Copy link
Contributor

Alright, I'll work on that. I'm just scared that this might break stuff downstream. Hopefully, it won't. :P

@xTrayambak
Copy link
Contributor

The biggest problem is migrating pre-existing installed libraries. We'll have to go through everything in the packages directory, scan everything, compute new SHA-2 hashes, move these files to new directories with the updated hash. Or, alternatively, we can let SHA-1 exist as legacy stuff, and add a new pkgs3 directory with new packages that have SHA-2 hashes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Araq @ehmry @xTrayambak