Date: Sat, 10 Mar 2001 16:55:18 +0200 From: Maxim Sobolev <sobomax@FreeBSD.org> To: Trevor Johnson <trevor@jpj.net> Cc: ports@FreeBSD.org, Alistair Crooks <agc@pkgsrc.org> Subject: Re: new message digest support in pkgsrc (fwd) Message-ID: <3AAA4055.94FE47C3@FreeBSD.org> References: <20010309162527.Q7303-100000@blues.jpj.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Trevor Johnson wrote: > I've added this utility to the FreeBSD ports collection (as > security/digest). > -- > Trevor Johnson > http://jpj.net/~trevor/gpgkey.txt > > ---------- Forwarded message ---------- > Date: Tue, 6 Mar 2001 15:01:23 +0000 > From: Alistair Crooks <agc@pkgsrc.org> > To: tech-pkg@netbsd.org > Subject: new message digest support in pkgsrc > > I have just committed changes to pkgsrc to add support for > message digests other than md5. > > > Add support for message digests other than md5 into pkgsrc. This is done > > by using the pkgsrc/pkgtools/digest package, and adding dependencies in > > bsd.pkg.mk to make sure that that package is up to date. > > > > There is no discernable performance decrease in using sha1 checksums > > over md5 ones, and most people advocate the use of sha1 or rmd160 over > > md5. > > > > As part of this change, move the initial setting of LOCALBASE, X11BASE > > and CROSSBASE into bsd.prefs.mk from bsd.pkg.mk. > > > > Addresses PR 11809. > > And now for some background: > > We have been advised that we should move away from the md5 algorithm, > and onto either sha1 or rmd160. We have done this by adding a new > package called digest, which is a small, statically-linked utility > which takes command line arguments of the form: > > digest -V > > which prints the version and exits, and > > digest algorithm [file...] > > which calculates a message digest, using algorithm, for all files > on the command line. If no files are specified, then standard > input is used. The output is of the same format as md5(1). The > digest utility is designed to be scalable, so that, as and when > new message digest algorithms come out, they can be incorporated. > > I considered modifying the existing cksum(1) utility, but thought > that it wasn't scalable enough, and I considered using openssl, but > didn't want pkgsrc to be dependent on openssl being installed, and > because the output format isn't the same as md5(1). > > digest should work fine with the existing md5 checksums. Over time, I > hope to migrate to sha1 in all of pkgsrc. This has been tested quite > extensively (with thanks to Thomas Klausner), but if you experience > any unusual side effects, please use send-pr in the usual way. Huh, interesting, but what real benefits does sha1 have for verifying distfiles compared with md5? IMO, md5(1) is a quite adequiate for the task, while headache and users' confusion in the md5->sha1 switching process are almost guranteed. Please don't propose useless changes just for the sake of change. -Maxim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3AAA4055.94FE47C3>