Bye bye MD5 #22101
Merged
Bye bye MD5 #22101
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This was pointing to a broken upstream URL and is a beta release. No dependent in the nixpkgs tree.
libjpeg62 is broken as well
This package has broken upstream url and was only used by warsow
The package is a java library that no other project is using and which upstream source doesn't work. See http://www.program-transformation.org/Tools/JJTraveler
The package is broken since September, doesn't have a maintainer and uses md5 for hashing
The package has: * broken source URL * uses md5 hash * no maintainer * is a library with nobody depending on it
Unfortunately the upstream has gone and I didn't find any replacement sources.
|
Can we actively prevent people from using md5 going forward? |
|
Yes we can put an assert in fetch*. Probably a good idea now… Do we want
to allow overriding the assert with a special parameter? Is there
a reason not to block MD5?
|
|
This PR does a bit more than remove md5... Looks good to me though. |
|
Yes I can add a commit for that. Recently we had a MD5 usage warning on
fetchurl but it was reverted because it generated too much noise. I suppose
that now it can be adapted and re-introduced.
…On Tue, 24 Jan 2017, 18:03 Michael Raskin, ***@***.***> wrote:
Yes we can put an assert in fetch*. Probably a good idea now… Do we want
to allow overriding the assert with a special parameter? Is there
a reason not to block MD5?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#22101 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAMsKmD-Jk8g4AUqCWRD0_py-Ei1JlQks5rVjzpgaJpZM4LshY8>
.
|
|
I'd say we assert on MD5 without an escape hatch and add it to the 17.03 release notes; if someone really wants to use MD5 they can patch nixpkgs themselves. I also think it's be nice to remove MD5 from Nix itself. |
|
@edolstra was saying that it might be nice to leave md5 in Nix itself to be
able to evaluate old nixpkgs. I'd prefer to hide it behind an opt-in flag
but don't feel too strongly about it.
…On Tue, Jan 24, 2017 at 13:57 Aneesh Agrawal ***@***.***> wrote:
I'd say we assert on MD5 without an escape hatch and add it to the 17.03
release notes; if someone really wants to use MD5 they can patch nixpkgs
themselves.
I also think it's be nice to remove MD5 from Nix itself.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#22101 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AAAKPyik1R9Ku3M11ibEWB8j_I53FN65ks5rVkmmgaJpZM4LshY8>
.
|
grahamc
approved these changes
Jan 25, 2017
fpletz
approved these changes
Jan 25, 2017
Mic92
reviewed
Jan 25, 2017
| @@ -40,22 +40,6 @@ let | |||
| ''; | |||
| }; | |||
|
|
|||
| mkDictFromRedIRIS = | |||
There was a problem hiding this comment.
for future references: https://github.com/LibreOffice/dictionaries
Mic92
approved these changes
Jan 25, 2017
domenkozar
reviewed
Jan 25, 2017
| @@ -59,5 +59,6 @@ stdenv.mkDerivation rec { | |||
| license = licenses.unfreeRedistributable; | |||
| maintainers = with maintainers; [ astsmtl ]; | |||
| platforms = platforms.linux; | |||
| broken = true; # Depends on a specific old libjpeg version | |||
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Motivation for this change
This PR removes all remaining usage of MD5 as a source hash.
I'm being a bit drastic in some cases
Things done
(nix.useSandbox on NixOS,
or option
build-use-sandboxinnix.confon non-NixOS)
nix-shell -p nox --run "nox-review wip"./result/bin/)