This is the mail archive of the cygwin-apps mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Jun 2 07:17, Achim Gratz wrote: > Corinna Vinschen writes: > >> Because of the openssl branch in Git. > > > > Oh, that was a bad idea. I won't remove the branch for historical > > reasons, but we don't really want to link agaionst OpenSSL when we > > already link against gcrypt. > > OK, makes sense. > > >> > This was a drop-in replacement for Digest::MD5. Anything else I'll > >> > let somebody do who better knows perl. > >> > >> THen the call $ctx->hexdigest() would need to be replaced by > >> $ctx->b64digest(). > > > > No, it would need to support this additionally. > > Why? In any case it'd be easy enough to make it switchable. Transition period. We should do changes like that in two steps, first updating to a setup which handles the new checksums, then changing the generation of checksums to the new method. Like we did with MD5->SHA512. It's smoother that way. It's also certainly not a bad idea to continue supporting the older checksum methods. You're very likely not the only person creating his/her own setup.ini files and every change may break a script elsewhere :) > >> > Apart from this, the sah512.sum files are not only generated for the > >> > Cygwin release dir, they are generated on the sourceware ftp area > >> > system-wide. > >> > >> I'm only talking about SHA512 in the setup.ini files, though. The > >> sha512.sum files have no bearing on that. > > > > So what exactly is the problem with the longer checksums? I don't > > see any problem here, especially when the file is being compressed > > anyway. > > I'm not concerned about the size (although I note that even if > compression recognized it's looking at an SHA512 it would at best be > able to compress it down to 64 bytes anyway). The difference between > 128 and 86 (or 88 padded) characters is pretty noticeable on screen. > It's probably a bit unusual that I look at setup files so often (since I > generate my own), You seem to be doing this on a regular basis with your own scripts. Is that right? Would you think your own method is just hacked to work, or do you think your own ini creation scripts are clean enough to release them to the public? I'm asking because, right now, we're relying on a convoluted perl script set which is hard to understand (at least for non-perl guys), is missing comments, has no maintainer, and above all, has a questionable license. Upset is a beast. It handles ini file creation as well as creating the package information for https://cygwin.com/cgi-bin2/package-grep.cgi, as well as the package upload post-processing. I would very much appreciate if we could split these tasks into separate, independent scripts or tools under GPL or BSD license. So, what about your scripts? Do you think they could be used as a start? Do you have, perhaps, fun to rewrite the upset functionality in a maintainable form and *gasp* maintain it? Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
Attachment:
pgp5kYA_C3aKv.pgp
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |