From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 126239 invoked by alias); 2 Jun 2015 08:29:35 -0000 Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com Received: (qmail 126228 invoked by uid 89); 2 Jun 2015 08:29:34 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-5.4 required=5.0 tests=AWL,BAYES_00,KAM_LAZY_DOMAIN_SECURITY autolearn=no version=3.3.2 X-HELO: calimero.vinschen.de Received: from aquarius.hirmke.de (HELO calimero.vinschen.de) (217.91.18.234) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Tue, 02 Jun 2015 08:29:32 +0000 Received: by calimero.vinschen.de (Postfix, from userid 500) id DE2FFA807C6; Tue, 2 Jun 2015 10:29:29 +0200 (CEST) Date: Tue, 02 Jun 2015 08:29:00 -0000 From: Corinna Vinschen To: cygwin-apps@cygwin.com Subject: Re: setup Message-ID: <20150602082929.GA4308@calimero.vinschen.de> Reply-To: cygwin-apps@cygwin.com Mail-Followup-To: cygwin-apps@cygwin.com References: <87382fdvjp.fsf@Rainer.invalid> <20150531102421.GB4329@calimero.vinschen.de> <878uc3l2my.fsf@Rainer.invalid> <20150601183432.GT4308@calimero.vinschen.de> <874mmrky4e.fsf@Rainer.invalid> <20150601210617.GW4308@calimero.vinschen.de> <87wpzm664z.fsf@Rainer.invalid> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="JF+ytOk7PH04NsRm" Content-Disposition: inline In-Reply-To: <87wpzm664z.fsf@Rainer.invalid> User-Agent: Mutt/1.5.23 (2014-03-12) X-SW-Source: 2015-06/txt/msg00020.txt.bz2 --JF+ytOk7PH04NsRm Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-length: 3062 On Jun 2 07:17, Achim Gratz wrote: > Corinna Vinschen writes: > >> Because of the openssl branch in Git. > > > > Oh, that was a bad idea. I won't remove the branch for historical > > reasons, but we don't really want to link agaionst OpenSSL when we > > already link against gcrypt. >=20 > OK, makes sense. >=20 > >> > This was a drop-in replacement for Digest::MD5. Anything else I'll > >> > let somebody do who better knows perl. > >>=20 > >> THen the call $ctx->hexdigest() would need to be replaced by > >> $ctx->b64digest(). > > > > No, it would need to support this additionally. >=20 > Why? In any case it'd be easy enough to make it switchable. Transition period. We should do changes like that in two steps, first updating to a setup which handles the new checksums, then changing the generation of checksums to the new method. Like we did with MD5->SHA512. It's smoother that way. It's also certainly not a bad idea to continue supporting the older checksum methods. You're very likely not the only person creating his/her own setup.ini files and every change may break a script elsewhere :) > >> > Apart from this, the sah512.sum files are not only generated for the > >> > Cygwin release dir, they are generated on the sourceware ftp area > >> > system-wide. > >>=20 > >> I'm only talking about SHA512 in the setup.ini files, though. The > >> sha512.sum files have no bearing on that. > > > > So what exactly is the problem with the longer checksums? I don't > > see any problem here, especially when the file is being compressed > > anyway. >=20 > I'm not concerned about the size (although I note that even if > compression recognized it's looking at an SHA512 it would at best be > able to compress it down to 64 bytes anyway). The difference between > 128 and 86 (or 88 padded) characters is pretty noticeable on screen. > It's probably a bit unusual that I look at setup files so often (since I > generate my own), You seem to be doing this on a regular basis with your own scripts. Is that right? Would you think your own method is just hacked to work, or do you think your own ini creation scripts are clean enough to release them to the public? I'm asking because, right now, we're relying on a convoluted perl script set which is hard to understand (at least for non-perl guys), is missing comments, has no maintainer, and above all, has a questionable license. Upset is a beast. It handles ini file creation as well as creating the package information for https://cygwin.com/cgi-bin2/package-grep.cgi, as well as the package upload post-processing. I would very much appreciate if we could split these tasks into separate, independent scripts or tools under GPL or BSD license. So, what about your scripts? Do you think they could be used as a start? Do you have, perhaps, fun to rewrite the upset functionality in a maintainable form and *gasp* maintain it? Corinna --=20 Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat --JF+ytOk7PH04NsRm Content-Type: application/pgp-signature Content-length: 819 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJVbWlpAAoJEPU2Bp2uRE+gRU8P/AmnMd1vexaSU0LpaVYShtox l7yb0k/lKQ3bnTEoKgd4z2RWvMvYmFeMDwKB3YqiR9Z2GEyQm5ZBbL186012lliY yhkB6STKfo/B2+fcJh1hXOeNAqnjSRkVvfmlJOBJFpp/m7bRR6elQlw1XQ6/9bXo r1rKyYbOerVYNOn0O6TM8Za0/2Se2CyKj9HjeeyeLt8cpIJqS6L/ILEMeSYsy9iu BTBz6AIUWCDqgk+91oiZ177eQZ6k5pw2gOpBT9m+FOmJdv4jysHlQ35JX2ILAUcC 62NE9+HBq6j2UgDHFnVDE0oQIJymz1/3A0Dfy+m0sEyW2KyMvFcL4hlNVpPVudhc 9O1NK03ejWgtWmAPEisrvrQHCUc4iwcLat8umAcjC2QP4bHoI/I15smwJhSW9iIB N9+VfGkWqxMfTRcYt5A0R9IY3HiAcV9ar9BYWwy5LzpkppcKgB5Il5d7JlR9t/Sa 2JAVsRGoao+BLjouj6kdCn6iq7j9xlQ5opFp9gemArIlxV3/cNNWE897TxEReV7N P/BSIE1r3KhVBE1L74NaMX6ZMjTLhsDGsJee8yW9R+EodZlE6GdSD19x7cYCPxcP yRyAWCLWxrRz+6bMd0J+CHzAxb0l6um0kUT8kwcyVBJV0HQA8kx82NsUjEgk3TEP pDh7qyvItknZES/u6sDq =G6vi -----END PGP SIGNATURE----- --JF+ytOk7PH04NsRm--