Let's avoid using md5 as checksum

js ebgssth at gmail.com
Fri Feb 15 20:14:25 PST 2008


> Disagree. Three types of checksums (md5, sha1, rmd160) in a portfile
> are stronger than just two.
> I would agree that ports should not use md5 alone, but I would also
> say that ports should not use sha1 or rmd160 alone. Ports should use
> all three checksum types.

When we have sha1 and rmd160 using md5 as a checksum is meaningless.
What do you mean by "stronger"?

> port lint should warn if a portfile uses just a single type of
> checksum for a file.

That's nice!


More information about the macports-dev mailing list