
Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide



On 14026 March 1977, Vincent Lefevre wrote:

>> > contents that match in size and sum(1). I did it just with an
>> > editor, ddrescue and data from /dev/urandom, by brute force, without
>> > any knowledge about the algorithm of sum. And I did it not once, but
>> > twice.
>> sum(1) just gives a 16-bit checksum! So, it suffices to generate
>> N*65536 random compressed tarballs to get around N collisions with
>> a given file. Then the only problem is to get the right size, but
>> if one has random input, it is (almost) not compressible, so that
>> one will get "almost" the same size for each tarball. By controlling
>> how compression is done to reach the right size, this should even be
>> easier.
> The following script gives lzip collisions after a few seconds between
> arbitrary lzip tarballs. This is easier than a collision with a fixed
> tarball because of the birthday paradox. But one can do something
> similar by going to at most a few millions to get a collision with
> some given tarball of about 64 KB.

Is it only me thinking it now or has this really gone way over into the
comedy section? Why isn't this on -curiosa?

Person 1: xz is shit, use lzip, change around all your tools, invest
          tons of work

Debian: Na, we selected this, we stay with it, unless proven it gains
        something in OUR use case

Person 1: But xz is shit!

Debian: It doesn't matter in our use case.

Person 1: But xz is shit! [loads of examples of things that may go
          wrong]

[repeat forever]


This is not only getting annoying and ensuring that we won't ever switch
to lzip - the only way people now think about it is "that's the tool that
has this really annoying supporter" - it is also not getting anywhere.

If one wants to switch something in Debian one does not demand that
Debian switches $foo - one starts by doing as much of the work as can be
done. And providing good reasons why Debian should switch. Reasons that
consider the way we use it and all the tools around it.

Could we please end this thread? Thanks.

-- 
bye, Joerg
Just because I don't care doesn't mean I don't understand.
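
The arithmetic in the quoted text above (a 16-bit sum, and the birthday effect that makes a collision between arbitrary files cheaper than one with a fixed file), as an added example that is not part of the original message and is not the script the quoted author refers to. It assumes the BSD algorithm that GNU sum(1) uses by default and uses constructed 32-byte random blobs instead of lzip tarballs; the function names are hypothetical.

```python
import random

def bsd_sum(data: bytes) -> int:
    """16-bit BSD checksum (assumed: the default algorithm of GNU sum(1))."""
    c = 0
    for b in data:
        c = (c >> 1) | ((c & 1) << 15)  # rotate right by one bit
        c = (c + b) & 0xFFFF
    return c

def rand_blob(rng: random.Random, size: int) -> bytes:
    """Constructed sample input: `size` random bytes."""
    return rng.getrandbits(8 * size).to_bytes(size, "little")

def pairwise_collision(rng, size):
    """Birthday case: draw blobs until any two distinct ones share a sum."""
    seen = {}
    draws = 0
    while True:
        blob = rand_blob(rng, size)
        draws += 1
        s = bsd_sum(blob)
        if s in seen and seen[s] != blob:
            return draws, seen[s], blob
        seen[s] = blob

def match_fixed(rng, target, limit=1_000_000):
    """Fixed-target case: draw blobs until one matches target's size and sum."""
    want = bsd_sum(target)
    for draws in range(1, limit + 1):
        blob = rand_blob(rng, len(target))
        if blob != target and bsd_sum(blob) == want:
            return draws, blob
    return None

if __name__ == "__main__":
    rng = random.Random(1)  # fixed seed so runs are repeatable
    n, a, b = pairwise_collision(rng, 32)
    print(f"two of {n} random 32-byte blobs share sum {bsd_sum(a):05d}")
    target = rand_blob(rng, 32)
    m, c = match_fixed(rng, target)
    print(f"draw {m} matched the fixed target's sum {bsd_sum(target):05d}")
    print("expected scale: ~321 draws (birthday) vs ~65536 draws (fixed target)")
```

Equal size plus equal sum(1) output therefore says nothing about whether two files have the same content; a cryptographic hash is needed for that.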
