[141139] trunk/base/src/port1.0/portchecksum.tcl

Daniel J. Luke dluke at geeklair.net
Sun Oct 11 13:25:49 PDT 2015


+1

If we really want to encourage people to stop using the weak hashes, we could print a warning if any of them are in the output.

> On Oct 11, 2015, at 4:12 PM, Joshua Root <jmr at macports.org> wrote:
> How about this:
> 
> * If the checksums specified in the Portfile include sha256, just print
> out the actual values for those checksum types.
> 
> * If not, add sha256 to the list when printing out the actual values.
> 
> After all there's no harm in using weak hashes in addition to good ones.
> 
> - Josh
> 
> On 2015-10-12 07:02 , Joshua Root wrote:
>> Yes, and I seem to remember having this conversation once before... :)
>> 
>> On 2015-10-12 05:06 , Daniel J. Luke wrote:
>>> it’s really useful for the case when upstream publishes a checksum (that’s not one of our default ‘good’ ones) when the output includes the checksums that are in the portfile.
>>> 
>>>> On Oct 11, 2015, at 1:34 PM, jeremyhu at macports.org wrote:
>>>> Use $default_checksum_types for handy copy/paste output on checksum failure
>>>> 
>>>> This should help adoption of better, more robust hashing algorithms.

— 
Daniel J. Luke                                                                   
+========================================================+ 
| *---------------- dluke at geeklair.net ----------------* |                          
| *-------------- http://www.geeklair.net -------------* |                          
+========================================================+ 
|   Opinions expressed are mine and do not necessarily   |                          
|          reflect the opinions of my employer.          |                          
+========================================================+






More information about the macports-dev mailing list