[70413] trunk/dports/devel/ppl/Portfile
Ryan Schmidt
ryandesign at macports.org
Sun Aug 8 15:29:39 PDT 2010

On Aug 8, 2010, at 17:16, Andrew Fernandes wrote:

> http://lists.macosforge.org/pipermail/macports-dev/2010-June/012253.html
>
> Ah - MD5. You are, of course, correct. I wasn't even considering MD5. :-) Within the crypto community, Ron Rivest (the inventor of MD5) recommended that people stop using it - I forget exactly when - sometime prior to 2000 or so.

That was my concern as well when I realized md5 is being used for new GSoC '10 MacPorts code:

http://lists.macosforge.org/pipermail/macports-dev/2010-August/012571.html

> SHA1 is still considered secure, although it is deprecated simply due to computers being faster. SHA256+ is recommended for current use.

sha256 is in MacPorts trunk already, so will be available in MacPorts 1.10.0 or maybe sooner.

> Anyway - it doesn't really matter. If two hashes are wanted, I can do that.

"port -d checksum" shows you three checksums. It's easy enough to add, and it really *really* ensures distfiles can't be compromised. :) When I get around to it I'll probably add a warning in "port lint" that will warn if only one algorithm is used.
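
The kind of check discussed in this message, as an added example that is not part of the original e-mail and is not MacPorts code (MacPorts itself is written in Tcl): a Python sketch that parses a Portfile `checksums` stanza, warns when only one algorithm is declared, and verifies a distfile against every declared digest. It assumes the single-distfile form of `checksums`; the function names and the sample data are constructed for illustration.

```python
import hashlib
import re

KNOWN = {"md5", "sha1", "rmd160", "sha256"}   # checksum types assumed for this sketch
CHECKABLE = {"md5", "sha1", "sha256"}         # rmd160 skipped: hashlib support varies

def parse_checksums(portfile_text):
    """Return {algorithm: hex digest} from a single-distfile checksums stanza."""
    joined = re.sub(r"\\\s*\n", " ", portfile_text)   # fold backslash continuations
    for line in joined.splitlines():
        words = line.split()
        if words and words[0] == "checksums":
            pairs = words[1:]
            if len(pairs) % 2:
                raise ValueError("checksums must be algorithm/digest pairs")
            return {a.lower(): d.lower() for a, d in zip(pairs[0::2], pairs[1::2])}
    return {}

def lint_checksums(sums):
    """Return lint warnings for a parsed checksums mapping."""
    warnings = []
    if not sums:
        warnings.append("no checksums declared")
    for alg in sorted(set(sums) - KNOWN):
        warnings.append(f"unknown checksum type ({alg})")
    if len(sums) == 1:
        warnings.append(f"only one checksum algorithm used ({next(iter(sums))})")
    if sums and set(sums) == {"md5"}:
        warnings.append("md5 is the only algorithm; add sha1 or sha256")
    return warnings

def verify(data, sums):
    """Return the algorithms whose declared digest does not match the data."""
    return [alg for alg, expected in sums.items()
            if alg in CHECKABLE and hashlib.new(alg, data).hexdigest() != expected]

def make_stanza(data, algs):
    """Build a constructed checksums stanza for the sample distfile."""
    pairs = [f"{a:<8}{hashlib.new(a, data).hexdigest()}" for a in algs]
    return "checksums           " + " \\\n                    ".join(pairs) + "\n"

SAMPLE = b"constructed distfile contents\n"   # stands in for a downloaded distfile

if __name__ == "__main__":
    for algs in (["md5"], ["md5", "sha256"]):
        sums = parse_checksums(make_stanza(SAMPLE, algs))
        print(algs, lint_checksums(sums), verify(SAMPLE + b"tampered", sums))
```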