Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

PEP 458: add hash algorithm transition plan #1253

Merged
merged 1 commit into from
Jan 7, 2020
Merged

PEP 458: add hash algorithm transition plan #1253

merged 1 commit into from
Jan 7, 2020

Conversation

lukpueh
Copy link
Contributor

@lukpueh lukpueh commented Dec 11, 2019

Context:
Addresses a review comment from @dstufft on #1203 (comment), and follows a discussion in secure-systems-lab#68, where @brainwane proposed more detailed workflows. My reasoning for keeping it brief was that I was under the impression that client and uploader workflows are not actually in the scope of PEP 458. If desired I am happy to add additional details.

Changes:
Add subsection to section "Managing Future Changes to the Update Process" that explains how to transition from an old (e.g. because it has become weak) to a new (e.g. stronger) hashing algorithm without disrupting client workflows.

@lukpueh
PEP 458: add hash algorithm transition plan
c4251db 
Add subsection to section "Managing Future Changes to the Update
Process" that explains how to transition from an old (e.g. because
it has become weak) to a new (e.g. stronger) hashing algorithm
without disrupting client workflows.
@lukpueh lukpueh mentioned this pull request Dec 11, 2019
Closed
@brainwane
Copy link
Contributor

@mnm678 heads-up; how should this PR be dealt with? Perhaps you want to address it in the Discourse thread?

@brainwane
Copy link
Contributor

@ncoghlan @dstufft Would welcome your thoughts on how to proceed here. Perhaps @mnm678 should sort of introduce it and talk about it in the Discourse thread?

@ncoghlan ncoghlan merged commit 28cc445 into python:master Jan 7, 2020
@ncoghlan
Copy link
Contributor

ncoghlan commented Jan 7, 2020

I think it's in scope here, since the main requirement is to show that migrating away from a compromised hashing scheme is at least possible, even if it wouldn't be quick.

(The right BigQuery queries would even allow for data driven decisions on when it was reasonable to stop publishing the weaker hashes)

@lukpueh
Copy link
Contributor Author

lukpueh commented Jan 7, 2020

Thanks for reviewing and merging, @ncoghlan!

@mnm678 mnm678 mentioned this pull request Jan 8, 2020
Closed
@di di mentioned this pull request Feb 1, 2022
Open
52 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dstufft dstufft Awaiting requested review from dstufft

Assignees
No one assigned
Labels
CLA signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@lukpueh @brainwane @ncoghlan @the-knights-who-say-ni