sha1 and rmd160

Arno Hautala arno at alum.wpi.edu
Fri Apr 6 05:58:50 PDT 2012


On 2012-04-06, Blair Zajac <blair at orcaware.com> wrote:
> On 4/5/12 9:53 PM, Arno Hautala wrote:
>>
>> Also, I think md5 in Portfiles is deprecated. The preferred hashes are
>> rmd160 and sha256.
>
> If upstream provides a md5, I like to use it, as it makes double checking
> the
> port easier.

MacPorts is trying to phase out usage of md5 as it's considered
cryptographically broken. In this case, it'd be fine for you to use
the md5 to verify the checksum, but I still think the Portfile should
contain rmd160 and/or sha256. I'm aware of the ... "oddity" (?) and
extra effort of using different hashes at different stages, but I
presume that at some point md5 support will be removed from MacPorts.
You might as well start using the preferred hashes now, if only to get
used to a workflow that will be required in the future.

At least, that's my take on things.

-- 
arno  s  hautala    /-|   arno at alum.wpi.edu

pgp b2c9d448


More information about the macports-dev mailing list