merch-redmine / jeremyevans.net wrote:
> sam.saffron (Sam Saffron) wrote:
> > It can use an ISEQ SHA1 hash as the key to the cache.
> 
> If this feature is added, it should at least use SHA256 as the
> hash function.  While the currently known SHA1 weaknesses may
> not matter in this particular case (if you are running
> untrusted code, you already have worse problems), it doesn't
> make sense to introduce usage of SHA1 in new code in cases
> where it is feasible to use a better hash function.

Agreed; and it needs to be written with hash agility in mind
for the future when SHA256 becomes insufficient.

Also, I think https://github.com/ko1/yomikomu should be in
stdlib(*) and there will be code sharing opportunity for
JIT and ISeq caches.



(*) because rubygems itself is a startup bottleneck for me

Unsubscribe: <mailto:ruby-core-request / ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-core>