* maint.mk: announce-gen with --no-print-checksums?
@ 2021-05-12 20:15 Simon Josefsson via Gnulib discussion list
2021-05-12 21:25 ` Paul Eggert
0 siblings, 1 reply; 2+ messages in thread
From: Simon Josefsson via Gnulib discussion list @ 2021-05-12 20:15 UTC (permalink / raw)
To: bug-gnulib
[-- Attachment #1: Type: text/plain, Size: 2163 bytes --]
Hi! I just made a new release of libidn2, and after posting the
announcement I noticed that hash checksums was missing from my
announcement. It appears maint.mk's announce-gen rules always were like
this, I just didn't use them before. May I suggest the patch below as a
starting point, to at least make this configurable in cfg.mk? Untested,
primarily intended for discussion.
Further, one reason against dropping --no-print-checksums is that
announce-gen prints MD5 and SHA1 hashes. While it may not matter in
some use-cases, both algorithms have been broken and it is possible to
generate a different file with the same hash. For MD5 is relatively
cheap, for SHA1 it is expensive but within range for a lot of entities.
I think we should print checksums by default, drop MD5 but keep SHA1 for
a couple of more years, and introduce SHA224 or SHA256. One issue is
that the SHA2 hashes in hex are longer and look ugly in email. OpenSSH
is using base64 encoded SHA256 hashes in their announcements, but I'm
not sure what tools there are that can parse them. I'm somewhat
inclined to follow their path and add support for base64 encoded hashes
in 'sha256sum', and then use that in announcen-gen. Thoughts?
/Simon
diff --git a/top/maint.mk b/top/maint.mk
index ae3a8170a..0d8e99b4c 100644
--- a/top/maint.mk
+++ b/top/maint.mk
@@ -1409,6 +1409,7 @@ announcement_mail_headers_alpha = \
announcement_mail_Cc_beta = $(announcement_mail_Cc_alpha)
announcement_mail_headers_beta = $(announcement_mail_headers_alpha)
+announce_gen_opts ?= --no-print-checksums
announcement_mail_Cc_ ?= $(announcement_mail_Cc_$(release-type))
announcement_mail_headers_ ?= $(announcement_mail_headers_$(release-type))
announcement: NEWS ChangeLog $(rel-files)
@@ -1426,7 +1427,7 @@ announcement: NEWS ChangeLog $(rel-files)
--bootstrap-tools=$(bootstrap-tools) \
$$(case ,$(bootstrap-tools), in (*,gnulib,*) \
echo --gnulib-version=$(gnulib-version);; esac) \
- --no-print-checksums \
+ $(announce_gen_opts) \
$(addprefix --url-dir=, $(url_dir_list))
.PHONY: release-commit
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: maint.mk: announce-gen with --no-print-checksums?
2021-05-12 20:15 maint.mk: announce-gen with --no-print-checksums? Simon Josefsson via Gnulib discussion list
@ 2021-05-12 21:25 ` Paul Eggert
0 siblings, 0 replies; 2+ messages in thread
From: Paul Eggert @ 2021-05-12 21:25 UTC (permalink / raw)
To: Simon Josefsson, bug-gnulib
On 5/12/21 1:15 PM, Simon Josefsson via Gnulib discussion list wrote:
> I'm somewhat
> inclined to follow their path and add support for base64 encoded hashes
> in 'sha256sum', and then use that in announcen-gen.
Sounds good to me. I suppose it would be a --base64 option?
At some point we might want to make --base64 the default....
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-05-12 21:26 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-12 20:15 maint.mk: announce-gen with --no-print-checksums? Simon Josefsson via Gnulib discussion list
2021-05-12 21:25 ` Paul Eggert
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).