[pacman-dev] [PATCH 2/2] makepkg: add CRC checksums and set these to be the default

Eli Schwartz eschwartz at archlinux.org
Fri Jan 24 02:39:06 UTC 2020


On 1/23/20 8:06 PM, Charles Duffy wrote:
> A potentially unforeseen consequence:
> 
> At present, it is possible (albeit with use of tools that aren't as of
> present date publicly released, something I hope to change in the future)
> to use the Nix build system to build Arch packages (with some caveats, but
> generally manageable ones for folks who don't need these packages to be
> what Nix calls "pure").
> 
> Nix identifies downloaded content by hash -- only build-time processes
> which can state a cryptographically strong checksum of their intended
> output prior to time of invocation are allowed to connect to the internet
> during the build process itself. cksum is not supported by Nix, whereas the
> other checksums supported by Arch are.
> 
> Thus, moving to cksum -- quite aside from other concerns, which have been
> argued outside this thread -- would encourage an increased proportion of
> Arch packages not be buildable by Nix.

Wait... does that mean Nix considers md5 to be "cryptographically
strong"? o_O

-- 
Eli Schwartz
Bug Wrangler and Trusted User
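
An added illustration of the thread's cksum-versus-cryptographic-hash point (not code from makepkg, Nix, or either poster): it implements the POSIX cksum CRC, shows that the CRC is affine over XOR for equal-length inputs while SHA-256 is not, and pins a source by digest. The STRONG allowlist, verify_source, and the sample byte strings are assumptions constructed for this example.

```python
import hashlib

# Assumption for this example: only these algorithms may pin a download.
STRONG = {"sha256", "sha512"}

def _crc_table():
    table = []
    for i in range(256):
        c = i << 24
        for _ in range(8):
            c = ((c << 1) ^ 0x04C11DB7) if c & 0x80000000 else (c << 1)
            c &= 0xFFFFFFFF
        table.append(c)
    return table

_TABLE = _crc_table()

def posix_cksum(data: bytes) -> int:
    """CRC as computed by POSIX cksum(1): MSB-first, length appended, inverted."""
    n, tail = len(data), bytearray()
    while n:                        # length, least significant octet first
        tail.append(n & 0xFF)
        n >>= 8
    crc = 0
    for byte in data + bytes(tail):
        crc = ((crc << 8) & 0xFFFFFFFF) ^ _TABLE[(crc >> 24) ^ byte]
    return crc ^ 0xFFFFFFFF

def verify_source(data: bytes, algo: str, expected: str) -> bool:
    """Accept data only if it matches a digest pinned before the fetch."""
    if algo not in STRONG:
        raise ValueError(f"{algo} cannot pin content against tampering")
    return hashlib.new(algo, data).hexdigest() == expected.lower()

def xor3(a: bytes, b: bytes, c: bytes) -> bytes:
    return bytes(x ^ y ^ z for x, y, z in zip(a, b, c))

# Constructed sample inputs of equal length (15 bytes each).
A, B, C = b"pkgname-1.0.tar", b"pkgname-1.1.tar", b"other-9.9.9.tar"

def crc_is_affine() -> bool:
    """The cksum of a XOR combination follows from the inputs' cksums alone."""
    return posix_cksum(xor3(A, B, C)) == posix_cksum(A) ^ posix_cksum(B) ^ posix_cksum(C)

def sha256_is_affine() -> bool:
    h = lambda d: int.from_bytes(hashlib.sha256(d).digest(), "big")
    return h(xor3(A, B, C)) == h(A) ^ h(B) ^ h(C)

if __name__ == "__main__":
    print("cksum affine:", crc_is_affine(), "| sha256 affine:", sha256_is_affine())
```

The affine relation means a cksum value carries no unpredictability of its own, so it detects accidental corruption but cannot identify content the way a pinned cryptographic digest does.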
