[bitbake-devel] [PATCH] bitbake: fetch2: Revalidate checksums, YOCTO #5571

Clemens Lang clemens.lang at bmw-carit.de
Fri Mar 6 14:27:40 UTC 2015


Hi,

On Fri, Mar 06, 2015 at 01:42:45PM +0000, Richard Purdie wrote:
> I am nervous about the amount and kind of code changes this is
> involving. Having "binary" data format files in pickle format is
> suboptimal in that the user can't easily inspect or change them and
> it's not clear what the contents mean.

That's correct, but I don't see it as a large problem because any issues
with the file format can be resolved by just deleting the donestamp (or
with the next changeset, touching the downloaded file).


> I was wondering about whether we should just drop to one checksum
> format and simplify the problem somewhat. I understand the reasons for
> supporting multiple checksum types though and if we add in a
> requirement to track timestamps too, the single format doesn't buy us
> anything.

I think the advantages of having multiple checksums when one of the
algorithms is no longer considered secure (as is already the case with
md5) outweigh the increased complexity. I'd rather modify the code in a
way that no longer hardcodes the supported checksum formats, so moving
to a more modern checksum would be as simple as updating documentation
and recipes.

New patch incoming after this mail.

-- 
Clemens Lang • Development Specialist
BMW Car IT GmbH • Lise-Meitner-Str. 14 • 89081 Ulm • http://bmw-carit.com
-------------------------------------------------------------------------
BMW Car IT GmbH
Managing Directors: Michael Würtenberger and Reinhard Stolle
Registered office and court of registration: München HRB 134810
-------------------------------------------------------------------------
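
One way to verify a download without hardcoding the supported checksum formats, as the message above proposes. This is an added example, not code from the patch or from BitBake; the function names, the WEAK_ALGORITHMS policy and the sample file are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Assumption for this sketch: algorithms too weak to be the only declared check.
WEAK_ALGORITHMS = {"md5"}


def compute_digests(path, algorithms, chunk_size=1 << 16):
    """Hash the file once, feeding every requested algorithm from the same read."""
    hashers = {}
    for name in algorithms:
        # Any algorithm hashlib knows is accepted; nothing is hardcoded here.
        if name not in hashlib.algorithms_available:
            raise ValueError("unsupported checksum algorithm: %s" % name)
        hashers[name] = hashlib.new(name)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_checksums(path, expected):
    """Return (ok, problems) for a dict like {"sha256": "<hex>", "md5": "<hex>"}."""
    if not expected:
        return False, ["no checksums declared"]
    problems = []
    if set(expected) <= WEAK_ALGORITHMS:
        problems.append("only weak algorithms declared: " + ", ".join(sorted(expected)))
    actual = compute_digests(path, expected)
    for name, want in sorted(expected.items()):
        # Every declared checksum must match, not just one of them.
        if not hmac.compare_digest(actual[name], want.strip().lower()):
            problems.append("%s mismatch" % name)
    return not problems, problems


def make_sample_file(data=b"constructed sample download\n"):
    """Write constructed sample data to a temp file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path
```

Moving to a newer algorithm then only requires declaring it in the expected dict, provided hashlib supports it.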