This is the mail archive of the
mailing list for the binutils project.
Re: [GOLD] add new method for computing a build ID
On Wed, Oct 3, 2012 at 12:39 PM, David Miller <email@example.com> wrote:
> At the cost of needlessly making the hash weaker? That sounds like
> a terrible tradeoff, especially if it is found to be completely
> unnecessary after doing the experiements I suggested above.
It's not clear to me that "weaker" is a real issue here. I'm not
aware of any mechanism that uses the build ID as a signature for the
program. And while that would be feasible with gold, it would be
quite painful with GNU ld, since GNU ld does not do a hash of the
entire program but rather of selected pieces of it.
As far as I know, the only thing that people use the build ID for is
as a key for the executable to associate it with other data stored
elsewhere. If you attach a bit of additional information like the
name and size of the executable, almost any hash stronger than crc32
would suffice. I'm really not sure why GNU ld supports both md5 and
sha1. gold supports both because GNU ld does. The background is at
http://fedoraproject.org/wiki/RolandMcGrath/BuildID but doesn't
discuss why both are supported.