sha1 and rmd160
M. Daniel Becque
mdbecque at gmail.com
Fri Apr 6 06:09:08 PDT 2012
Arno,
The proftpd repository has an md5 file along with the binary. Does that
mean i must use md5 or can I, as you suggest, upgrade to the rmd160 and
sha256 hashes by generating them using openssl like below? Once I have
those hashes I could then just include them in the port as checksums rather
than the md5, sha1, and rmd160.
openssl sha256 path/to/file
openssl rmd160 path/to/file
On Fri, Apr 6, 2012 at 7:58 AM, Arno Hautala <arno at alum.wpi.edu> wrote:
> On 2012-04-06, Blair Zajac <blair at orcaware.com> wrote:
> > On 4/5/12 9:53 PM, Arno Hautala wrote:
> >>
> >> Also, I think md5 in Portfiles is deprecated. The preferred hashes are
> >> rmd160 and sha256.
> >
> > If upstream provides a md5, I like to use it, as it makes double checking
> > the
> > port easier.
>
> MacPorts is trying to phase out usage of md5 as it's considered
> cryptographically broken. In this case, it'd be fine for you to use
> the md5 to verify the checksum, but I still think the Portfile should
> contain rmd160 and/or sha256. I'm aware of the ... "oddity" (?) and
> extra effort of using different hashes at different stages, but I
> presume that at some point md5 support will be removed from MacPorts.
> You might as well start using the preferred hashes now, if only to get
> used to a workflow that will be required in the future.
>
> At least, that's my take on things.
>
> --
> arno s hautala /-| arno at alum.wpi.edu
>
> pgp b2c9d448
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.macosforge.org/pipermail/macports-dev/attachments/20120406/89a574e7/attachment.html>
More information about the macports-dev
mailing list