[98388] trunk/dports/databases
Craig Treleaven
ctreleaven at cogeco.ca
Fri Oct 5 18:49:44 PDT 2012
At 6:01 PM -0700 10/5/12, Blair Zajac wrote:
>On 10/05/2012 05:53 PM, Jeremy Lavergne wrote:
>>It isn't any worse than stealth updates: it would still be out of
>>our hands, a calculated risk.
>
>Choosing a short hash is always ones own fault and one would then
>have to clean it up, unlike stealth updates which are caused by
>upstream.
I think you're overstating the risk. The risk is that a short hash
won't be unique _within a project's repository_. You won't get
someone else's project. In that (unlikely) event, MacPort's
checksums will identify that you didn't get the right code. Minor
hassle while another character is added to the short hash if it
happens in our lifetime.
I'm not that good with statistics, but there are 26 alpha and 10
numeric characters available in each position. 7 positions is a
_lot_ of available hashes! I used 8--which gives 36 times as many
unique hashes.
Craig
(Just to prove I'm not good with stats: I have a ticket in tonight's
$50 M lottery. ;)
More information about the macports-dev
mailing list