I misunderstood then. Yea, we could include it but we don't have to. Just as long as we have at least two, regardless of which two.
"Blair Zajac" <[email protected]> wrote: >I'm not sure what you're saying. Let me restate myself, if the >upstream only provides an md5, then we should at least include that >one, plus a sha1 or rmd160. > >Blair > >On Jan 16, 2011, at 10:40 AM, Jeremy Lavergne wrote: > >> That doesn't make much sense. >> >> Why would we restrict ourselves below the preferred 2 hashes? >> >> "Blair Zajac" <[email protected]> wrote: >> >>> On 1/16/11 3:10 AM, Ryan Schmidt wrote: >>>> >>>> On Jan 16, 2011, at 00:59, Joshua Root wrote: >>>> >>>> [in response to a commit by snc] >>>> >>>>> You've committed a lot of updates lately where the submitter's >patch >>>>> contained an rmd160 checksum but you removed it. Is there a good >>> reason >>>>> for this? >>>> >>>> I've committed lots of updates lately where I use only the sha1 and >>> rmd160 checksums, omitting the md5 checksum. As we've discussed >before, >>> there is good reason to use more than just a single checksum >algorithm >>> (security against a vulnerability being discovered in any one >checksum >>> algorithm), but I see no point to using more than two checksum >>> algorithms. And I picked the two newest algorithms, since for many >>> other applications md5 is already considered obsolete. I suggest >this >>> is what we should do going forward. Perhaps we could change the >"port >>> -d checksum" output to no longer suggest the md5 checksums. As we >>> update ports, we should remove md5 checksums, preferring the >>> sha1/rmd160 pair. And perhaps a couple years down the road we can >>> remove md5 support from MacPorts entirely. >>> >>> However, if the upstream source only provides an md5 checksum, then >we >>> should >>> use that checksum. >>> >>> Blair >>> _______________________________________________ >>> macports-dev mailing list >>> [email protected] >>> http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev >> _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
