# Matt Turner (2022-04-06)
# Dead package upstream. No reverse dependencies.
# Removal on 2022-05-06
dev-util/nemiver
signature.asc
Description: PGP signature
Dear all
the following packages are up for grabs after dropping
desktop-misc:
x11-misc/xfe
https://packages.gentoo.org/packages/x11-misc/xfe
There is an open version bump request:
https://bugs.gentoo.org/836834
--
Best,
Jonas
On Wed, Apr 6, 2022 at 1:29 PM Jason A. Donenfeld wrote:
>
> Sort of. The security between infra and users relies on SHA2-512. The
> security between devs and infra relies on SHA-1. I guess the "full
> system" depends on both, but I've been focused on the more likely
> issue of a community-run mir
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
> So I'll spell out the different possibilities:
> 1) GPG uses SHA-512. Manifest uses SHA-512 and BLAKE2b.
> 1a) Possibility: SHA-512 is broken. Result: system broken.
> 1b) Possibility: BLAKE2b is broken. Result: nothing.
> 2) GPG uses SHA-512
On Wed, Apr 06, 2022 at 07:06:30PM +0200, Jason A. Donenfeld wrote:
> No, you're still missing the point.
>
> If SHA-512 breaks, the security of the system fails, regardless of
> what change we make. This is because GnuPG uses SHA-512 for its
> signatures.
Question directly for you Jason, because
Hi Rich,
On 4/6/22, Rich Freeman wrote:
> On Tue, Apr 5, 2022 at 8:05 PM Sam James wrote:
> Our security fails currently if EITHER SHA2-512 or a hardened version
> of SHA-1 are defeated. Our top gpg signature is bound to a git commit
> record by SHA2-512, and the git commit record is bound to e
On Wed, Apr 06, 2022 at 02:15:02AM +0200, Jason A. Donenfeld wrote:
> 2) Comparability: other distros use SHA2-512, as well as various
> upstreams, which means we can compare our hashes to theirs easily.
Can we expand on this specific thread for a moment?
I was the author of GLEP59 about changing
Hi Ulrich,
On Wed, Apr 6, 2022 at 6:38 PM Ulrich Mueller wrote:
> > Why? Then we're dependent on two things, either of which could break,
> > rather than one.
>
> See? If either of these should happen, then we'll be happy that we still
> have both hashes in our Manifest files.
>
> OTOH, if that a
> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
> Why? Then we're dependent on two things, either of which could break,
> rather than one.
See? If either of these should happen, then we'll be happy that we still
have both hashes in our Manifest files.
OTOH, if that argument is not relavant b
# David Seifert (2022-04-06)
# Unsupported branches, no consumers left, removal on 2023-01-01.
sys-devel/automake:1.13
sys-devel/automake:1.15
**NOTE**:
Slot 1.11 remains masked and will *not* be removed for the foreseeable
future, since developers may need it for de-ANSI-fication (ansi2knr)
supp
Hi Ulrich,
On 4/6/22, Ulrich Mueller wrote:
>> On Wed, 06 Apr 2022, Jason A Donenfeld wrote:
>
>> I think actually the argument I'm making this time might be subtly
>> different from the motions that folks went through last year.
>> Specifically, the idea last year was to switch to using BLAK
> On Wed, 06 Apr 2022, Thomas Bracht Laumann Jespersen wrote:
> - find $d/doc -name \*.txt -type l | while read s; do
> - [[ $(readlink "$s") = $vimfiles/* ]] && rm -f "$s"
> + find ${d}/doc -name \*.txt -type l | while read s; do
> +
12 matches
Mail list logo
