Brooks Davis
2013-Jan-11 20:40 UTC
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
On Fri, Jan 11, 2013 at 09:33:17PM +0100, Benjamin Kramer wrote:> > On 11.01.2013, at 21:31, Justin Holewinski <justin.holewinski at gmail.com> wrote: > > > On Fri, Jan 11, 2013 at 3:26 PM, Benjamin Kramer <benny.kra at gmail.com> wrote: > > > > On 11.01.2013, at 07:36, ????????? (Wei-Ren Chen) <chenwj at iis.sinica.edu.tw> wrote: > > > > > Hi Pawel, > > > > > > PTX already be replaced with NVPTX. However, PTX subdirectory > > > still sit in lib/Target in 3.2 release. Do you think update the > > > release tarball is a good idea? Also could you remove it from > > > the trunk? > > > > Please do not, under no circumstances, change the 3.2 release tarballs at this point. They are mirrored around the world now with cryptographic hashes and signatures. Changing them will break things for many people, especially for an extremely minor thing like an empty directory. > > > > I'm not sure if Pawel's tarball change should be reverted now as it already caused uproar, so changing it back might only make matters worse. > > > > The tarballs were changed? > > r172208I finally updated the FreeBSD ports yesterday and today a user complained about distfile changes. IMO, this revision should be reverted or all the other BSDs will have to chase checksums as well. If you really want to remove the directory, ship a 3.2.1 tarball rather than screwing all the downstream consumers who's infrastructure exists to detect trojan'd tarballs. -- Brooks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130111/695cadc1/attachment.sig>
Justin Holewinski
2013-Jan-11 20:44 UTC
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
On Fri, Jan 11, 2013 at 3:40 PM, Brooks Davis <brooks at freebsd.org> wrote:> On Fri, Jan 11, 2013 at 09:33:17PM +0100, Benjamin Kramer wrote: > > > > On 11.01.2013, at 21:31, Justin Holewinski <justin.holewinski at gmail.com> > wrote: > > > > > On Fri, Jan 11, 2013 at 3:26 PM, Benjamin Kramer <benny.kra at gmail.com> > wrote: > > > > > > On 11.01.2013, at 07:36, ????????? (Wei-Ren Chen) < > chenwj at iis.sinica.edu.tw> wrote: > > > > > > > Hi Pawel, > > > > > > > > PTX already be replaced with NVPTX. However, PTX subdirectory > > > > still sit in lib/Target in 3.2 release. Do you think update the > > > > release tarball is a good idea? Also could you remove it from > > > > the trunk? > > > > > > Please do not, under no circumstances, change the 3.2 release tarballs > at this point. They are mirrored around the world now with cryptographic > hashes and signatures. Changing them will break things for many people, > especially for an extremely minor thing like an empty directory. > > > > > > I'm not sure if Pawel's tarball change should be reverted now as it > already caused uproar, so changing it back might only make matters worse. > > > > > > The tarballs were changed? > > > > r172208 > > I finally updated the FreeBSD ports yesterday and today a user > complained about distfile changes. IMO, this revision should be > reverted or all the other BSDs will have to chase checksums as well. > > If you really want to remove the directory, ship a 3.2.1 tarball rather > than screwing all the downstream consumers who's infrastructure exists > to detect trojan'd tarballs. >Yeah, that's bad news. What concerns me is that I don't remember seeing any official notification of a new release, not that there is cause to in this case anyway.> > -- Brooks >-- Thanks, Justin Holewinski -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130111/4597e104/attachment.html>
Pawel Wodnicki
2013-Jan-11 20:47 UTC
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
On 1/11/2013 2:40 PM, Brooks Davis wrote:> On Fri, Jan 11, 2013 at 09:33:17PM +0100, Benjamin Kramer wrote: >> >> On 11.01.2013, at 21:31, Justin Holewinski >> <justin.holewinski at gmail.com> wrote: >> >>> On Fri, Jan 11, 2013 at 3:26 PM, Benjamin Kramer >>> <benny.kra at gmail.com> wrote: >>> >>> On 11.01.2013, at 07:36, ????????? (Wei-Ren Chen) >>> <chenwj at iis.sinica.edu.tw> wrote: >>> >>>> Hi Pawel, >>>> >>>> PTX already be replaced with NVPTX. However, PTX subdirectory >>>> still sit in lib/Target in 3.2 release. Do you think update >>>> the release tarball is a good idea? Also could you remove it >>>> from the trunk? >>> >>> Please do not, under no circumstances, change the 3.2 release >>> tarballs at this point. They are mirrored around the world now >>> with cryptographic hashes and signatures. Changing them will >>> break things for many people, especially for an extremely >>> minor thing like an empty directory. >>> >>> I'm not sure if Pawel's tarball change should be reverted now >>> as it already caused uproar, so changing it back might only >>> make matters worse. >>> >>> The tarballs were changed? >> >> r172208 > > I finally updated the FreeBSD ports yesterday and today a user > complained about distfile changes. IMO, this revision should be > reverted or all the other BSDs will have to chase checksums as > well. > > If you really want to remove the directory, ship a 3.2.1 tarball > rather than screwing all the downstream consumers who's > infrastructure exists to detect trojan'd tarballs.Tarball is signed, it is not trjoan. Your infrastructure should be able to deal with it?> > -- Brooks >Paweł
Krzysztof Parzyszek
2013-Jan-11 20:50 UTC
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
On 1/11/2013 2:47 PM, Pawel Wodnicki wrote:> > Tarball is signed, it is not trjoan. > Your infrastructure should be able to deal with it?There are two valid tarballs with different hashes. If you use a single expected hash to verify validity of a tarball you can flag a false-positive error. -Krzysztof -- Qualcomm Innovation Center, Inc. is a member of Code Aurora Forum, hosted by The Linux Foundation
Justin Holewinski
2013-Jan-11 20:51 UTC
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
On Fri, Jan 11, 2013 at 3:47 PM, Pawel Wodnicki <root at 32bitmicro.com> wrote:> On 1/11/2013 2:40 PM, Brooks Davis wrote: > > On Fri, Jan 11, 2013 at 09:33:17PM +0100, Benjamin Kramer wrote: > >> > >> On 11.01.2013, at 21:31, Justin Holewinski > >> <justin.holewinski at gmail.com> wrote: > >> > >>> On Fri, Jan 11, 2013 at 3:26 PM, Benjamin Kramer > >>> <benny.kra at gmail.com> wrote: > >>> > >>> On 11.01.2013, at 07:36, ????????? (Wei-Ren Chen) > >>> <chenwj at iis.sinica.edu.tw> wrote: > >>> > >>>> Hi Pawel, > >>>> > >>>> PTX already be replaced with NVPTX. However, PTX subdirectory > >>>> still sit in lib/Target in 3.2 release. Do you think update > >>>> the release tarball is a good idea? Also could you remove it > >>>> from the trunk? > >>> > >>> Please do not, under no circumstances, change the 3.2 release > >>> tarballs at this point. They are mirrored around the world now > >>> with cryptographic hashes and signatures. Changing them will > >>> break things for many people, especially for an extremely > >>> minor thing like an empty directory. > >>> > >>> I'm not sure if Pawel's tarball change should be reverted now > >>> as it already caused uproar, so changing it back might only > >>> make matters worse. > >>> > >>> The tarballs were changed? > >> > >> r172208 > > > > I finally updated the FreeBSD ports yesterday and today a user > > complained about distfile changes. IMO, this revision should be > > reverted or all the other BSDs will have to chase checksums as > > well. > > > > If you really want to remove the directory, ship a 3.2.1 tarball > > rather than screwing all the downstream consumers who's > > infrastructure exists to detect trojan'd tarballs. > > Tarball is signed, it is not trjoan. > Your infrastructure should be able to deal with it? >Many of these environments rely on checking against a known-good checksum. If a tarball is replaced at the source, that checksum changes. Once a release is cut, that particular release should never change. If a change is necessary, some sort of point release (3.2.1) is preferable, so anyone wanting 3.2 still gets the old binary with the old checksum.> > > > > -- Brooks > > > > Paweł > >-- Thanks, Justin Holewinski -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130111/059f82db/attachment.html>
Brooks Davis
2013-Jan-11 21:59 UTC
[LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
On Fri, Jan 11, 2013 at 02:47:01PM -0600, Pawel Wodnicki wrote:> On 1/11/2013 2:40 PM, Brooks Davis wrote: > > On Fri, Jan 11, 2013 at 09:33:17PM +0100, Benjamin Kramer wrote: > >> > >> On 11.01.2013, at 21:31, Justin Holewinski > >> <justin.holewinski at gmail.com> wrote: > >> > >>> On Fri, Jan 11, 2013 at 3:26 PM, Benjamin Kramer > >>> <benny.kra at gmail.com> wrote: > >>> > >>> On 11.01.2013, at 07:36, ????????? (Wei-Ren Chen) > >>> <chenwj at iis.sinica.edu.tw> wrote: > >>> > >>>> Hi Pawel, > >>>> > >>>> PTX already be replaced with NVPTX. However, PTX subdirectory > >>>> still sit in lib/Target in 3.2 release. Do you think update > >>>> the release tarball is a good idea? Also could you remove it > >>>> from the trunk? > >>> > >>> Please do not, under no circumstances, change the 3.2 release > >>> tarballs at this point. They are mirrored around the world now > >>> with cryptographic hashes and signatures. Changing them will > >>> break things for many people, especially for an extremely > >>> minor thing like an empty directory. > >>> > >>> I'm not sure if Pawel's tarball change should be reverted now > >>> as it already caused uproar, so changing it back might only > >>> make matters worse. > >>> > >>> The tarballs were changed? > >> > >> r172208 > > > > I finally updated the FreeBSD ports yesterday and today a user > > complained about distfile changes. IMO, this revision should be > > reverted or all the other BSDs will have to chase checksums as > > well. > > > > If you really want to remove the directory, ship a 3.2.1 tarball > > rather than screwing all the downstream consumers who's > > infrastructure exists to detect trojan'd tarballs. > > Tarball is signed, it is not trjoan. > Your infrastructure should be able to deal with it?The FreeBSD ports collection maintains a set of sha256 hashes for each distfile. The system can deal with them changing, but it's an inconvenience to port maintainers and users. Even if we did have infrastructure to verify the signatures we'd still have to check the contents and would not just trust the signature since there's always a risk of keys being compromised. -- Brooks -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available URL: <http://lists.llvm.org/pipermail/llvm-dev/attachments/20130111/c3ecc424/attachment.sig>
Reasonably Related Threads
- [LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
- [LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
- [LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
- [LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release
- [LLVMdev] Obsolete PTX is NOT completely removed in 3.2 release