sha1 and rmd160

Jeremy Lavergne jeremy at lavergne.gotdns.org
Sat Apr 7 22:38:01 PDT 2012


> I update a port's version, download the new distfile, compute the checksums, verify the port builds and looks somewhat sane, and commit it. The checksums are there to ensure anyone else who tries to install the port gets the same distfile I got.

I do this as well :-) I rely on the buildbot and tickets to point out issues.

I find it less likely that I'd be given a phishy distfile than the buildbot or other users: if there's a discrepancy then I'll explore it further.

Similarly, as I mentioned in the other thread, if we really do want to concern ourselves with matching the upstream checksums we can actually include _all_ checksums in every portfile.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 8796 bytes
Desc: not available
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20120408/18ae17e5/attachment.bin>


More information about the macports-dev mailing list