On Sat, Feb 08, 2020 at 10:50:08PM +0100, Chr. Clemens Lee via blfs-dev wrote:
> OK, thanks Bruce, I will proceed with 2.2.5 according to the book, as nothing
> bad has happened.
>
> However, you guys/girls might think about something better than md5sum for the
> next release (at least I see no reason why not to improve upon md5sum.. as
> projects don't hesitate to switch from gz to xz etc., make to ninja.. here it
> would be really worthwhile - IMHO).
>
> Cu around, ciao,
> Clemens
What do you suggest, and how does it compare to md5sums ? Looking
at sha variants (on firefox which is a medium-large tarball) the
speed is similar or faster, but the problem is that the output is
much longer and for many people it will make a right mess of the
book's pages.
For source code, manipulating a tarball so that it contains hacked
source and still has the same md5sum is probably possible, at the
expense of adding some gibberish in documentation or graphic files.
But currently it's probably a small risk.
Clearly sha1sum is little better than md5sum from a security
perspective, but perhaps a combination of md5sum and sha1sum (an
extra eight bytes of output) might help ? Still very ugly, and a
pain to add to the book.
ken@plexi ~ $for P in md5sum sha1sum sha224sum sha256sum sha384sum sha512sum ;
do echo $P ':' ; $P /sources/firefox-68.4.2esr.source.tar.xz ; echo ; done
md5sum :
914be34dc3e170cdf29eeeb4a0fefe07 /sources/firefox-68.4.2esr.source.tar.xz
sha1sum :
005701cf6dda606500dfd1bdc5158c0dff8329aa
/sources/firefox-68.4.2esr.source.tar.xz
sha224sum :
a1bf62650b2d78cfec927fc8d712848d43a5b3a93eb10a8b1c99890c
/sources/firefox-68.4.2esr.source.tar.xz
sha256sum :
5d523259d9a01ca147c088494b6a7bd402ba75b1679a963558b0a0151e7d2ef4
/sources/firefox-68.4.2esr.source.tar.xz
sha384sum :
2992a181965ca7f4f9aec3aa97b6817acb951c7d4231d92fdf46a464c3f858b3715e060f5ca4a4d3ab8f751998d6c297
/sources/firefox-68.4.2esr.source.tar.xz
sha512sum :
e13bb141ad1c138cd9d8dd5d6996224ebe146ce08f0ad9cd37a20a85e8cd33db14e6bf1ab055aab7d3ae6f204ed2cb1ee02d5e6fb3d94778098156e1a46b7d6c
/sources/firefox-68.4.2esr.source.tar.xz
ĸen
--
We had folksingers in the lower bar for six months back home where
I worked. In the end we had to get a man in with a ferret.
-- Polly, in "Interesting Times"
--
http://lists.linuxfromscratch.org/listinfo/blfs-dev
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
