This is the mail archive of the cygwin-apps mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: setup

On Jun  2 07:17, Achim Gratz wrote:
> Corinna Vinschen writes:
> >> Because of the openssl branch in Git.
> >
> > Oh, that was a bad idea.  I won't remove the branch for historical
> > reasons, but we don't really want to link agaionst OpenSSL when we
> > already link against gcrypt.
> OK, makes sense.
> >> > This was a drop-in replacement for Digest::MD5.  Anything else I'll
> >> > let somebody do who better knows perl.
> >> 
> >> THen the call $ctx->hexdigest() would need to be replaced by
> >> $ctx->b64digest().
> >
> > No, it would need to support this additionally.
> Why?  In any case it'd be easy enough to make it switchable.

Transition period.  We should do changes like that in two steps, first
updating to a setup which handles the new checksums, then changing the
generation of checksums to the new method.  Like we did with
MD5->SHA512.  It's smoother that way.  It's also certainly not a bad
idea to continue supporting the older checksum methods.  You're very
likely not the only person creating his/her own setup.ini files and
every change may break a script elsewhere :)

> >> > Apart from this, the sah512.sum files are not only generated for the
> >> > Cygwin release dir, they are generated on the sourceware ftp area
> >> > system-wide.
> >> 
> >> I'm only talking about SHA512 in the setup.ini files, though.  The
> >> sha512.sum files have no bearing on that.
> >
> > So what exactly is the problem with the longer checksums?  I don't
> > see any problem here, especially when the file is being compressed
> > anyway.
> I'm not concerned about the size (although I note that even if
> compression recognized it's looking at an SHA512 it would at best be
> able to compress it down to 64 bytes anyway).  The difference between
> 128 and 86 (or 88 padded) characters is pretty noticeable on screen.
> It's probably a bit unusual that I look at setup files so often (since I
> generate my own),

You seem to be doing this on a regular basis with your own scripts.  Is
that right?  Would you think your own method is just hacked to work, or
do you think your own ini creation scripts are clean enough to release
them to the public?

I'm asking because, right now, we're relying on a convoluted perl script
set which is hard to understand (at least for non-perl guys), is missing
comments, has no maintainer, and above all, has a questionable license.

Upset is a beast.  It handles ini file creation as well as creating the
package information for,
as well as the package upload post-processing.

I would very much appreciate if we could split these tasks into separate,
independent scripts or tools under GPL or BSD license.

So, what about your scripts?  Do you think they could be used as a
start?  Do you have, perhaps, fun to rewrite the upset functionality in
a maintainable form and *gasp* maintain it?


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgp5kYA_C3aKv.pgp
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]