sha1 and rmd160
Arno Hautala
arno at alum.wpi.edu
Fri Apr 6 05:58:50 PDT 2012
On 2012-04-06, Blair Zajac <blair at orcaware.com> wrote:
> On 4/5/12 9:53 PM, Arno Hautala wrote:
>>
>> Also, I think md5 in Portfiles is deprecated. The preferred hashes are
>> rmd160 and sha256.
>
> If upstream provides a md5, I like to use it, as it makes double checking
> the
> port easier.
MacPorts is trying to phase out usage of md5 as it's considered
cryptographically broken. In this case, it'd be fine for you to use
the md5 to verify the checksum, but I still think the Portfile should
contain rmd160 and/or sha256. I'm aware of the ... "oddity" (?) and
extra effort of using different hashes at different stages, but I
presume that at some point md5 support will be removed from MacPorts.
You might as well start using the preferred hashes now, if only to get
used to a workflow that will be required in the future.
At least, that's my take on things.
--
arno s hautala /-| arno at alum.wpi.edu
pgp b2c9d448
More information about the macports-dev
mailing list