-
-
Notifications
You must be signed in to change notification settings - Fork 655
Closed
Description
Currently we use
sha1=fa2ae4db119f639a01b02f99f1ba671ece2828eb
md5=0d270c997aff29708c74d53f599ef717
cksum=1153713708
all of which do not provide sufficient protection against collision attacks.
Concurring with the suggestion in https://groups.google.com/g/sage-devel/c/ckJuCIdStVU/m/ONTDxjGnAQAJ, we should switch to sha256.
- Add methods for sha256, parallel to existing methods for sha1
- Update method
checksum_verifies
and emit warning if a package only has a sha1 hash, not a sha256 hash - Remove methods for md5, cksum (already marked as outdated in the code)
- Update
checksums.ini
files
Files to edit:
- build/sage_bootstrap/package.py
- build/sage_bootstrap/tarball.py
- build/test/test_package_cmdline.py