[MacPorts] #50775: haproxy: update to 1.6.3
MacPorts
noreply at macports.org
Thu Mar 17 09:54:00 PDT 2016
#50775: haproxy: update to 1.6.3
-------------------------+-------------------
Reporter: relgames@… | Owner: sam@…
Type: update | Status: new
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: haproxy |
-------------------------+-------------------
Comment (by relgames@…):
Replying to [comment:1 mf2k@…]:
> A comment about the patch. The rmd160 and sha256 checksums need to stay.
See the [https://guide.macports.org/#reference.phases.checksum guide
section about checksums]. md5 is considered insecure but can be kept if
upstream publishes it.
HAproxy download page has only MD5 hashes
http://www.haproxy.org/download/1.6/src/
Meaning, rmd160 and sha256 will be calculated by me and not taken from the
upstream.
If MD5 is insecure, what makes you think I can't be affected? Hashes
calculated by me can't be validated by checking upstream download page,
you'll need to either trust me or re-calculate hashes yourself.
Do you still think I should do it?..
--
Ticket URL: <https://trac.macports.org/ticket/50775#comment:2>
MacPorts <https://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list