[107076] trunk/dports/python
Leo Singer
aronnax at macports.org
Tue Jun 18 16:38:37 PDT 2013
On Jun 18, 2013, at 3:14 PM, Ryan Schmidt <ryandesign at macports.org> wrote:
> On Jun 17, 2013, at 15:42, aronnax at macports.org wrote:
>
>> Revision: 107076
>> https://trac.macports.org/changeset/107076
>> Author: aronnax at macports.org
>> Date: 2013-06-17 13:42:06 -0700 (Mon, 17 Jun 2013)
>> Log Message:
>> -----------
>> py-twilio: new port, Twilio API client and TwiML generator
>>
>> Added Paths:
>> -----------
>> trunk/dports/python/py-twilio/
>> trunk/dports/python/py-twilio/Portfile
>
>> +checksums md5 a33890f8b1527af9cd0d2018949934ea
>
> The md5 algorithm is not secure:
>
> http://en.wikipedia.org/wiki/MD5#Security
>
> Using just an md5 checksum should not be considered adequate. We should use at least two checksums per distfile; the current recommendation is to use rmd160 and sha256 checksums.
>
Thank you. Fixed in r107135.
For PyPI packages, I like to add the MD5 checksum as I found it on the PyPI project's page---that comes over https, so I presume that both it and the tarball that I obtain from PyPI are both genuine. Then I set the rmd160 and sha256 checksums to totally bogus values (like f00) to make MacPorts compute them and print them to the log. I then update the rmd160 and sha256 checksums in the Portfile accordingly.
Leo
More information about the macports-dev
mailing list