On Jun 18, 2010, at 15:04, Jeremy Lavergne wrote: >> The sha256 checksum was broken? > > Yes, the function didn't exist (second half of the patch)! > > At first I figured it was just that we hadn't applied it yet to debug > message. When i looked further, running `port -d checksum` without the latest > patch resulted in port believing that the port's checksum for a file didn't > even exist.
My point was there was nothing broken about sha256 in MacPorts, and your patch did not fix anything. Rather, it added a new functionality: it added a sha256 line to the debug output from the checksum phase when the checksums don't match. For one thing, this has now caused issues for those running trunk who don't realize that they now can't just copy and paste that into a port (because it doesn't work with MacPorts 1.9): http://trac.macports.org/ticket/25396 For another, I'm unsure we really need sha256 checksums in there. It's already complete overkill that we're putting three different checksums; using four verges on crazy. The only reason we put more than one checksum at all is to prevent a vulnerability in any single checksum algorithm from compromising MacPorts' integrity, but this possibility itself is already so extremely remote as to be of virtually no interest at all. Really the only purpose the checksums need to serve is to ensure the distfile the user downloaded is the same one the port maintainer tested with. _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
