[MacPorts] #63885: Replace rmd160 use in MacPorts with something else
MacPorts
noreply at macports.org
Wed Nov 10 20:28:31 UTC 2021
#63885: Replace rmd160 use in MacPorts with something else
-------------------------+--------------------
Reporter: ryandesign | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords:
Port: |
-------------------------+--------------------
Comment (by ryandesign):
Replying to [comment:8 cjones051073]:
> Replying to [comment:6 ryandesign]:
> > We use two algorithms so that a compromise of one algorithm does not
> > compromise the integrity of the files.
>
> But then, we only use rmd160 to validate the binary tarballs, no?
Yes, but the rmd160 used for the binary archives is not merely a checksum;
it is also somehow validating a signature with our public key. I have not
attempted to understand exactly how that works. If it is a problem that we
only use one algorithm there, we could use more than one.
--
Ticket URL: <https://trac.macports.org/ticket/63885#comment:11>
MacPorts <https://www.macports.org/>
Ports system for macOS