Closed Bug 684767 Opened 13 years ago Closed 12 years ago

Revisit creation of MD5SUMS/SHA1SUMS

Categories

(Release Engineering :: General, enhancement, P2)

Product:
Release Engineering
Component:
General
Platform:
x86
All
Type:
enhancement

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: nthomas, Assigned: rail)

References

Details

Currently we iterate over all the files to create MD5SUMS, then do the same again to create SHA1SUMS. This is slower than it could be because we're hashing gigabytes of data and can't expect the OS file cache to help the second time around.

We could do these instead:
* for each file calculate all the hashes together, so we only hit the disk for the first hash
* drop the existing files for a SHA512SUMS. IIRC md5 has known collisions, and SHA1 has theoretical collisions. Even if SHA1 was broken, it seems unlikely you could be able to modify a file and still make both hashes match the original, but we could just shift to something which is modern
It would be good if the *SUMS files pointed users to URLs for downloading the files SECURELY. (See bug 687164.)
(In reply to Matthew Elvey (Working address - Bug 120030 fix works!!!) from comment #1)
> It would be good if the *SUMS files pointed users to URLs for downloading
> the files SECURELY. (See bug 687164.)

This bug is about an optimisation to the process that generates the SUMS files. This is not relevant, please continue that conversation in an appropriate place.
Rail, will this be fixed by bug 708656 ?
(In reply to Nick Thomas [:nthomas] from comment #3)
> Rail, will this be fixed by bug 708656 ?

Yup. I'll track this bug as well.
Assignee: nobody → rail
Priority: P5 → P2
This is fixed by bug 708656 and available in 11.0b1
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Product: mozilla.org → Release Engineering
You need to log in before you can comment on or make changes to this bug.