[68957] trunk/base/ChangeLog
Ryan Schmidt
ryandesign at macports.org
Wed Jun 23 17:15:47 PDT 2010
On Jun 18, 2010, at 15:04, Jeremy Lavergne wrote:
>> The sha256 checksum was broken?
>
> Yes, the function didn't exist (second half of the patch)!
>
> At first I figured it was just that we hadn't applied it yet to debug message. When i looked further, running `port -d checksum` without the latest patch resulted in port believing that the port's checksum for a file didn't even exist.
My point was there was nothing broken about sha256 in MacPorts, and your patch did not fix anything. Rather, it added a new functionality: it added a sha256 line to the debug output from the checksum phase when the checksums don't match.
For one thing, this has now caused issues for those running trunk who don't realize that they now can't just copy and paste that into a port (because it doesn't work with MacPorts 1.9):
http://trac.macports.org/ticket/25396
For another, I'm unsure we really need sha256 checksums in there. It's already complete overkill that we're putting three different checksums; using four verges on crazy. The only reason we put more than one checksum at all is to prevent a vulnerability in any single checksum algorithm from compromising MacPorts' integrity, but this possibility itself is already so extremely remote as to be of virtually no interest at all. Really the only purpose the checksums need to serve is to ensure the distfile the user downloaded is the same one the port maintainer tested with.
More information about the macports-dev
mailing list