sha1 and rmd160
Joshua Root
jmr at macports.org
Fri Apr 6 06:16:16 PDT 2012
On 2012-4-6 23:09 , M. Daniel Becque wrote:
> Arno,
> The proftpd repository has an md5 file along with the binary. Does that
> mean i must use md5 or can I, as you suggest, upgrade to the rmd160 and
> sha256 hashes by generating them using openssl like below? Once I have
> those hashes I could then just include them in the port as checksums
> rather than the md5, sha1, and rmd160.
>
> openssl sha256 path/to/file
> openssl rmd160 path/to/file
It's fine to use whatever upstream provides, just try to use more than
one hash type, especially if one of them is md5. It's not a bad idea to
be a little paranoid and get the upstream-provided values over SSL if
possible, and/or verify any PGP signature for the file(s) before
generating the hashes locally.
- Josh
More information about the macports-dev
mailing list