Re: dpkg-sig support wanted?
Scripsit Florian Weimer <fw@deneb.enyo.de>
> * Henning Makholm:
>>> I wouldn't use real base64, though, because it would mean that you can
>>> use its hashed output as a file name.
>> Good point. One might replace "/" with "_" and omit the final "=".
>> Having a "+" in the hash should be safe in most contexts.
> It should be replaced with "-". Beyond alphanumerics, only ".", "_",
> "-" are in the POSIX portable filename character set[1], and some
> systems do not allow the character "+" in file names.
However there are already plenty of files with "+" in their names
involved in Debian (e.g. /usr/lib/libstdc++.so.6).
Having every 64th hash-based filename start with "-" or "." would lead
to failure modes for shell scripts (mistaking the filename for a
command line option, resp. missing it in globs) that are just
infrequent enough that they might not be observed before a
quick-and-dirty script is deployed.
I think the conclusion is that no simple substitution is at the same
time Posix friendly and friendly towards quick-and-dirty scripting.
(Yes: substitute /+ with _-, and then move the last character of the
base64 encoding to the front. Due to zero padding it must come from
the set [AEIMQUYcgkosw048].)
--
Henning Makholm "You want to know where my brain is,
spetsnaz girl? Do you? Look behind you."
Reply to: