On 2011-3-9 03:13 , James Berry wrote:
>
> On Mar 8, 2011, at 12:29 AM, Anders F Björklund wrote:
>
>> Jordan K. Hubbard wrote:
>>
>>>> Currently, we are updating four: version (i.e. affecting the distfile),
>>>> md5, sha1, rmd160. Just saying that it would be less clutter to have, say
>>>> "SIZE" and "SHA256" collected in a "distinfo" file, since that's what
>>>> FreeBSD Ports is using... ("make makesum") Just an observation from using
>>>> both ports systems, really.
>>>
>>> Kind of begs the question: Do we need this many checksums? md5 and sha1
>>> are weak hashes, sure, but how about sha256?
>>
>> Apparently MacPorts prefers using sha1+rmd160 over sha256, and also it was
>> "too long" (fixed by automating, or using base-32)
>>
>> The md5 is more of a left-over, though still used by many upstreams. But
>> think it's currently being recommended against using ?
>
>
> Per my recollection, sha256 is now supported in base (using base-32
> encoding?). I know that one concern with use of base-32 was that if the
> checksum was mirroring one in upstream that the value would appear different.
> It would seem to be wise to try to auto-detect the format of this checksum
> based on length, so that ether the hex or base-32 encoding would be accepted.
> We would prefer base-32, but accept hex encoding as well for a case where
> upstream uses that format.
Was there really a genuine complaint that sha256 is too long? FWIW, I
don't think the length is a problem; in fact, having two possible
formats seems more inconvenient than a long line.
There was meant to be sha256 support in 1.9 BTW, but it's slightly
broken, so it's (still) a trunk only feature for now.
- Josh
_______________________________________________
macports-dev mailing list
[email protected]
http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
