On Jan 16, 2011, at 00:59, Joshua Root wrote: [in response to a commit by snc]
> You've committed a lot of updates lately where the submitter's patch > contained an rmd160 checksum but you removed it. Is there a good reason > for this? I've committed lots of updates lately where I use only the sha1 and rmd160 checksums, omitting the md5 checksum. As we've discussed before, there is good reason to use more than just a single checksum algorithm (security against a vulnerability being discovered in any one checksum algorithm), but I see no point to using more than two checksum algorithms. And I picked the two newest algorithms, since for many other applications md5 is already considered obsolete. I suggest this is what we should do going forward. Perhaps we could change the "port -d checksum" output to no longer suggest the md5 checksums. As we update ports, we should remove md5 checksums, preferring the sha1/rmd160 pair. And perhaps a couple years down the road we can remove md5 support from MacPorts entirely. _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
