16 Feb
2008
16 Feb
'08
3:21 a.m.
On Feb 15, 2008, at 21:16, js wrote:
As you know, MD5 has serious flaws (http://en.wikipedia.org/wiki/MD5) So recently I don't use it and even remove it when I found it in the checksum part of portfile. I thought dropping use of md5 in portfile would be nice.
Any thought?
Disagree. Three types of checksums (md5, sha1, rmd160) in a portfile are stronger than just two. I would agree that ports should not use md5 alone, but I would also say that ports should not use sha1 or rmd160 alone. Ports should use all three checksum types. port lint should warn if a portfile uses just a single type of checksum for a file.