[Scons-dev] RFC: Proposal for remote caching
Bill Deegan
bill at baddogconsulting.com
Mon Dec 9 18:51:24 EST 2019
re switching hashes.
Do we have any perf comparisons for MD5 vs SHA-256 in general and in SCons?
While I think adding SHA-256 has value, I'd be hesitant to make it the
default and/or remove MD5.
Also there needs to be a reasonable solution to (de)serializing which hash
is used to sconsign.
On Mon, Dec 9, 2019 at 1:34 PM Mats Wichmann <mats at wichmann.us> wrote:
>
> > 2.1.3 Changes Needed To Bazel Remote Cache Server
> >
> > Currently the Bazel remote cache server only supports SHA-256 for
> requests (e.g. GET http://bazel-cache.corp.int/cache/ac/<sha_256_hash>),
> while SCons by default uses MD5. As part of this project, VMware will be
> contributing code to the upstream Bazel remote cache server project to
> support MD5 and SHA-1. We have received confirmation from the project
> maintainer that (1) it is acceptable to do this and (2) no prefix is needed
> for these alternative hashing formats. As a result, the requests SCons
> would make would be of the form http://bazel-cache.corp.int/cache/ac/<md5_hash>
> or http://bazel-cache.corp.int/cache/ac/<sha1_hash>. As mentioned before,
> see the Threat Modeling section at the end of this page for more discussion
> on hash formats.
>
> I'm not sure we should actually further push md5. While it's not
> intended to be used for security purposes (and yes I read the section on
> that), we've already run into users who are not allowed to use it no
> matter what (there's a pending patch to failover to sha1 to address one
> of those users' concerns)... and there are fast algorithms in the SHA-2
> family as well as ones that didn't quite make the SHA-3 choice (namely,
> Blake) which are quite fast on Python. It may be time to transition?
>
> _______________________________________________
> Scons-dev mailing list
> Scons-dev at scons.org
> https://pairlist2.pair.net/mailman/listinfo/scons-dev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist2.pair.net/pipermail/scons-dev/attachments/20191209/0784b92e/attachment.html>
More information about the Scons-dev
mailing list