Let's avoid using md5 as checksum
Ryan Schmidt
ryandesign at macports.org
Fri Feb 15 19:21:43 PST 2008
On Feb 15, 2008, at 21:16, js wrote:
> As you know, MD5 has serious flaws (http://en.wikipedia.org/wiki/MD5)
> So recently I don't use it and even remove it when I found it in the
> checksum part of portfile.
> I thought dropping use of md5 in portfile would be nice.
>
> Any thought?
Disagree. Three types of checksums (md5, sha1, rmd160) in a portfile
are stronger than just two.
I would agree that ports should not use md5 alone, but I would also
say that ports should not use sha1 or rmd160 alone. Ports should use
all three checksum types.
port lint should warn if a portfile uses just a single type of
checksum for a file.
More information about the macports-dev
mailing list