On Mon, Jan 14, 2008 at 08:53:13AM +0100, Raphael Hertzog wrote:
> There's also a possibility of not breaking the compatibility by simply
> adding a new field and leaving "Files" untouched:
> Checksums:
> <kind-of-checksum> <checksum> <name>
> I think it would be best that way. The size of the file then stay in the
> Files field as would the md5sum. If the user enables additional checksums,
> they end up in this new field.
It'd actually be good to be able to break Files in future, so that we're
forced to verify something other than md5sum. Otherwise there will
be code that doesn't check it properly, and that will end up being a
security problem.
Having it be:
Contents: sha256
28ee6a10eb280ede4b19c1b975aff5533016a26de67ba9212d51ffaea020ce34 355 foo
Files:
4bf7ff17bd9ddf3846d9065b3c594fb4 355 foo
or similar would be nice and non-redundant, and make it possible to drop
the Files: stanza at some point. I guess Contents-sha256: might be easier
to parse. Or call it "Checksum" or whatever.
I guess that means changing:
+ foreach my $alg (sort keys %sums) {
+ $fields->{'Checksums'} .= "\n $alg\t$sums{$alg} $filename";
+ }
to:
+ foreach my $alg (sort keys %sums) {
+ $fields->{'Checksum-$alg'} .= "\n $sums{$alg} $size $filename";
+ }
and something similar for parsing. Is there a git branch/repo with these
changes somewhere?
Cheers,
aj
Attachment:
signature.asc
Description: Digital signature