On 2012-4-6 23:09 , M. Daniel Becque wrote: > Arno, > The proftpd repository has an md5 file along with the binary. Does that > mean i must use md5 or can I, as you suggest, upgrade to the rmd160 and > sha256 hashes by generating them using openssl like below? Once I have > those hashes I could then just include them in the port as checksums > rather than the md5, sha1, and rmd160. > > openssl sha256 path/to/file > openssl rmd160 path/to/file
It's fine to use whatever upstream provides, just try to use more than one hash type, especially if one of them is md5. It's not a bad idea to be a little paranoid and get the upstream-provided values over SSL if possible, and/or verify any PGP signature for the file(s) before generating the hashes locally. - Josh _______________________________________________ macports-dev mailing list [email protected] http://lists.macosforge.org/mailman/listinfo.cgi/macports-dev
