[79069] trunk/base/src/port1.0/portchecksum.tcl

Joshua Root jmr at macports.org
Wed Jun 1 14:30:23 PDT 2011


On 2011-6-1 21:46 , Ryan Schmidt wrote:
> 
> On Jun 1, 2011, at 06:30, Joshua Root wrote:
> 
>> On 2011-6-1 21:06 , Ryan Schmidt wrote:
>>>
>>> On May 31, 2011, at 21:17, jmr at macports.org wrote:
>>>
>>>> # types to recommend if none are specified in the portfile
>>>> -set default_checksum_types {sha1 rmd160}
>>>> +set default_checksum_types {rmd160 sha256}
>>>
>>>
>>> Shouldn't we wait on this change until we release a version of MacPorts that includes support for sha256? The purpose of listing two checksum types is so that, if one algorithm becomes insecure, the other still confirms the distfile is the same. But MacPorts 1.9.2 does not check sha256 checksums.
>>
>> Huh? This change is *in* a version of MacPorts that has sha256 support.
> 
> I realize that. But we will have some early adopters who are running trunk today. They will use "port -d checksum" to see the "recommended" set of checksums and copy that into Portfiles today, not realizing that today's released MacPorts doesn't do sha256.

OK, so they should not do that, and we should not delay the release too
long. I just don't see how it would be useful to make the change after
the release.

- Josh


More information about the macports-dev mailing list