jmr at macports.org
Sun Jan 16 07:04:32 PST 2011
On 2011-1-16 22:10 , Ryan Schmidt wrote:
> I've committed lots of updates lately where I use only the sha1 and rmd160 checksums, omitting the md5 checksum. As we've discussed before, there is good reason to use more than just a single checksum algorithm (security against a vulnerability being discovered in any one checksum algorithm), but I see no point to using more than two checksum algorithms. And I picked the two newest algorithms, since for many other applications md5 is already considered obsolete. I suggest this is what we should do going forward. Perhaps we could change the "port -d checksum" output to no longer suggest the md5 checksums. As we update ports, we should remove md5 checksums, preferring the sha1/rmd160 pair. And perhaps a couple years down the road we can remove md5 support from MacPorts entirely.
That's a pretty weak argument. Whatever md5's weaknesses, having it is
still better than not having it.
That's tangential to my original question though. Applying your personal
preference on this topic to ports maintained by others seems like
uncalled-for meddling to me.
More information about the macports-dev