[75134] trunk/dports/net/mtr/Portfile
Blair Zajac
blair at orcaware.com
Sun Jan 16 10:38:24 PST 2011
On 1/16/11 3:10 AM, Ryan Schmidt wrote:
>
> On Jan 16, 2011, at 00:59, Joshua Root wrote:
>
> [in response to a commit by snc]
>
>> You've committed a lot of updates lately where the submitter's patch
>> contained an rmd160 checksum but you removed it. Is there a good reason
>> for this?
>
> I've committed lots of updates lately where I use only the sha1 and rmd160 checksums, omitting the md5 checksum. As we've discussed before, there is good reason to use more than just a single checksum algorithm (security against a vulnerability being discovered in any one checksum algorithm), but I see no point to using more than two checksum algorithms. And I picked the two newest algorithms, since for many other applications md5 is already considered obsolete. I suggest this is what we should do going forward. Perhaps we could change the "port -d checksum" output to no longer suggest the md5 checksums. As we update ports, we should remove md5 checksums, preferring the sha1/rmd160 pair. And perhaps a couple years down the road we can remove md5 support from MacPorts entirely.
However, if the upstream source only provides an md5 checksum, then we should
use that checksum.
Blair
More information about the macports-dev
mailing list