Arno, The proftpd repository has an md5 file along with the binary. Does that mean i must use md5 or can I, as you suggest, upgrade to the rmd160 and sha256 hashes by generating them using openssl like below? Once I have those hashes I could then just include them in the port as checksums rather than the md5, sha1, and rmd160.
openssl sha256 path/to/file openssl rmd160 path/to/file On Fri, Apr 6, 2012 at 7:58 AM, Arno Hautala <[email protected]> wrote: > On 2012-04-06, Blair Zajac <[email protected]> wrote: > > On 4/5/12 9:53 PM, Arno Hautala wrote: > >> > >> Also, I think md5 in Portfiles is deprecated. The preferred hashes are > >> rmd160 and sha256. > > > > If upstream provides a md5, I like to use it, as it makes double checking > > the > > port easier. > > MacPorts is trying to phase out usage of md5 as it's considered > cryptographically broken. In this case, it'd be fine for you to use > the md5 to verify the checksum, but I still think the Portfile should > contain rmd160 and/or sha256. I'm aware of the ... "oddity" (?) and > extra effort of using different hashes at different stages, but I > presume that at some point md5 support will be removed from MacPorts. > You might as well start using the preferred hashes now, if only to get > used to a workflow that will be required in the future. > > At least, that's my take on things. > > -- > arno s hautala /-| [email protected] > > pgp b2c9d448 >
_______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
