#50775: haproxy: update to 1.6.3 -------------------------+------------------- Reporter: relgames@… | Owner: sam@… Type: update | Status: new Priority: Normal | Milestone: Component: ports | Version: Resolution: | Keywords: Port: haproxy | -------------------------+------------------- Comment (by relgames@…): Replying to [comment:1 mf2k@…]:
A comment about the patch. The rmd160 and sha256 checksums need to stay. See the [https://guide.macports.org/#reference.phases.checksum guide section about checksums]. md5 is considered insecure but can be kept if upstream publishes it.
HAproxy download page has only MD5 hashes http://www.haproxy.org/download/1.6/src/ Meaning, rmd160 and sha256 will be calculated by me and not taken from the upstream. If MD5 is insecure, what makes you think I can't be affected? Hashes calculated by me can't be validated by checking upstream download page, you'll need to either trust me or re-calculate hashes yourself. Do you still think I should do it?.. -- Ticket URL: <https://trac.macports.org/ticket/50775#comment:2> MacPorts <https://www.macports.org/> Ports system for OS X