Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 642074 - sys-apps/portage: ${PKGDIR}/Packages hashes should be configurable (beyond MD5 and SHA1)
Summary: sys-apps/portage: ${PKGDIR}/Packages hashes should be configurable (beyond MD...
Status: CONFIRMED
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Binary packages support (show other bugs)
Hardware: All All
: Normal normal (vote)
Assignee: Portage team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 193766
  Show dependency tree
 
Reported: 2017-12-22 22:16 UTC by Zac Medico
Modified: 2023-12-20 17:39 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Zac Medico gentoo-dev 2017-12-22 22:16:25 UTC
There are better hashes than MD5 and SHA1 available these days. We use BLAKE2B and SHA512 for ebuild Manifests these days.
Comment 1 Zac Medico gentoo-dev 2020-01-20 21:07:52 UTC
The list of hashes needs to be configurable, like layout.conf manifest-hashes and manifest-required-hashes settings.
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2023-12-20 17:39:42 UTC
We can still do this, but I feel like it matters a lot less now we have signing.