[75134] trunk/dports/net/mtr/Portfile

Jeremy Lavergne jeremy at lavergne.gotdns.org
Sun Jan 16 10:40:04 PST 2011

That doesn't make much sense.

Why would we restrict ourselves below the preferred 2 hashes?

"Blair Zajac" <blair at orcaware.com> wrote:

>On 1/16/11 3:10 AM, Ryan Schmidt wrote:
>> On Jan 16, 2011, at 00:59, Joshua Root wrote:
>> [in response to a commit by snc]
>>> You've committed a lot of updates lately where the submitter's patch
>>> contained an rmd160 checksum but you removed it. Is there a good
>>> for this?
>> I've committed lots of updates lately where I use only the sha1 and
>rmd160 checksums, omitting the md5 checksum. As we've discussed before,
>there is good reason to use more than just a single checksum algorithm
>(security against a vulnerability being discovered in any one checksum
>algorithm), but I see no point to using more than two checksum
>algorithms. And I picked the two newest algorithms, since for many
>other applications md5 is already considered obsolete. I suggest this
>is what we should do going forward. Perhaps we could change the "port
>-d checksum" output to no longer suggest the md5 checksums. As we
>update ports, we should remove md5 checksums, preferring the
>sha1/rmd160 pair. And perhaps a couple years down the road we can
>remove md5 support from MacPorts entirely.
>However, if the upstream source only provides an md5 checksum, then we
>use that checksum.
>macports-dev mailing list
>macports-dev at lists.macosforge.org

More information about the macports-dev mailing list