[MacPorts] #63885: Replace rmd160 use in MacPorts with something else
MacPorts
noreply at macports.org
Wed Nov 10 20:29:40 UTC 2021
#63885: Replace rmd160 use in MacPorts with something else
-------------------------+--------------------
Reporter: ryandesign | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: base | Version:
Resolution: | Keywords:
Port: |
-------------------------+--------------------
Comment (by ryandesign):
Replying to [comment:9 pmetzger]:
> I think the probability of a high quality exploit that occurs without
prior warning against any of the modern hash algorithms is quite low.
It's obviously not about prior warning. It's about the fact that ports
often do not get touched for years, so we want security in case an
algorithm is discovered to be insecure and the portfile is then not
updated for years after that.
> We should also systematically get rid of reliance on MD5 (people with
inexpensive machines can fake that at this point) and SHA1 (people with
expensive machines can fake that at this point.)
Not when two different checksum types protect one file.
--
Ticket URL: <https://trac.macports.org/ticket/63885#comment:12>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list