Press "Enter" to skip to content

MD5 checksums deprecated

Last night, I committed a large update to the ports tree that deprecated MD5 checksums based on the work by Doug Barton and Rene Laden in ports/149657. For a long time we’ve had both MD5 and SHA256 checksums in the distinfo file, even though having multiple checksumming algorithms does not add any additional security. From today, MD5 checksums are no longer generated, but existing checksums will silently be ignored. For now, we won’t be doing large sweeps through the tree removing MD5, but let them slowly disappear when individual ports are updated, to avoid the churn on the cvs repository, mirrors, and package build infrastructure such large sweeps will cause.
The ports framework internals were also updated to reflect this change by renaming the MD5_FILE macro to DISTINFO_FILE. A lot of thanks to Dough and Rene!

Be First to Comment

Leave a Reply