Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
en:main:packaging_guidelines [2019/01/13 07:22]
emulatorman
en:main:packaging_guidelines [2019/02/14 21:48] (current)
emulatorman
Line 52: Line 52:
     * f) If there are no available tarballs. In this case, it should be used in a specific tag or branch from a version control system (VCS) and repackaged with the appropriate suffix (eg. **-bzr** for Bazaar, **-git** for Git, **-hg** for Mercurial and **-svn** for Subversion) until a final version is available.     * f) If there are no available tarballs. In this case, it should be used in a specific tag or branch from a version control system (VCS) and repackaged with the appropriate suffix (eg. **-bzr** for Bazaar, **-git** for Git, **-hg** for Mercurial and **-svn** for Subversion) until a final version is available.
     * g) If there is not support for GNU/Linux in tarballs, tags or branches. In this case, a master branch from a version control system (VCS) could be used temporarily and repackaged with the appropriate suffix (eg. **-bzr** for Bazaar, **-git** for Git, **-hg** for Mercurial and **-svn** for Subversion) until a final version with GNU/Linux support is available.     * g) If there is not support for GNU/Linux in tarballs, tags or branches. In this case, a master branch from a version control system (VCS) could be used temporarily and repackaged with the appropriate suffix (eg. **-bzr** for Bazaar, **-git** for Git, **-hg** for Mercurial and **-svn** for Subversion) until a final version with GNU/Linux support is available.
-  - **SHA512 or WHIRLPOOL**: All packages should use SHA512 or WHIRLPOOL ​cryptographic hash functions only. Other cryptographic hash functions such as MD5 and SHA1 should not be used because they are severely compromised. Exceptions are considered:+  - **SHA-512**: All packages should use SHA-512 ​cryptographic hash functions only. Other cryptographic hash functions such as MD5 and SHA-1 should not be used because they are severely compromised. Exceptions are considered:
     * a) If the package is using a version control system (VCS) because it does not contain GNU/Linux support or/and tarballs.     * a) If the package is using a version control system (VCS) because it does not contain GNU/Linux support or/and tarballs.
   - **GPG**: All packages should use signature verification. Exceptions are considered:   - **GPG**: All packages should use signature verification. Exceptions are considered:
     * a) If tarballs do not contain signatures.     * a) If tarballs do not contain signatures.
   - **Anti-obfuscation**:​ obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. All obfuscated code will be rejected without exceptions.   - **Anti-obfuscation**:​ obfuscation is the deliberate act of creating obfuscated code, i.e. source or machine code that is difficult for humans to understand. All obfuscated code will be rejected without exceptions.