Re: [PATCH] dpkg-scanpackages: Add sha512 support

To: sweetyfish@deepin.org
Cc: debian-dpkg@lists.debian.org, lichenggang@uniontech.com
Subject: Re: [PATCH] dpkg-scanpackages: Add sha512 support
From: Guillem Jover <guillem@debian.org>
Date: Wed, 31 May 2023 23:32:50 +0200
Message-id: <[🔎] ZHe9Ao44Ajx5+2j6@thunder.hadrons.org>
Mail-followup-to: sweetyfish@deepin.org, debian-dpkg@lists.debian.org, lichenggang@uniontech.com
In-reply-to: <[🔎] 20230531081532.7652-1-sweetyfish@deepin.org>
References: <[🔎] 20230531081532.7652-1-sweetyfish@deepin.org>

Hi!

On Wed, 2023-05-31 at 16:15:32 +0800, sweetyfish@deepin.org wrote:
> From: 李成刚 <lichenggang@uniontech.com>

Thanks for the patch! Although I've had this implemented with
<https://git.hadrons.org/git/debian/dpkg/dpkg.git/commit/?h=pu/sha-512&id=4df34f697309a816f6e137f13296270ea84ed938>
for some time. The problem is that this would require first checking
that consumers can cope with the new field, and do not reject files
containing them (.dsc, .buildinfo, .changes, Packages, Sources, etc).
Then at least in Debian checking whether the added fields incur too
much bloat, for the potential security benefit they might bring.
(Offsetting this by removing fields would probably imply having to
bump the format versions for various of the involved files containing
these removed files.)

I'd be interested to know the motivation for this submission, and
depending on the reasoning perhaps I could modify the original patch
and make the support available but disabled by default. Also I've for
long been unsatisfied that the available support implies automatic
addition to all supported file formats, so I might also end up
untangling them.

Thanks,
Guillem

Reply to:

References:
- [PATCH] dpkg-scanpackages: Add sha512 support
  - From: sweetyfish@deepin.org

Prev by Date: [PATCH] dpkg-scanpackages: Add sha512 support
Previous by thread: [PATCH] dpkg-scanpackages: Add sha512 support
Index(es):
- Date
- Thread