At 6:01 PM -0700 10/5/12, Blair Zajac wrote:
On 10/05/2012 05:53 PM, Jeremy Lavergne wrote:
It isn't any worse than stealth updates: it would still be out of
our hands, a calculated risk.
Choosing a short hash is always ones own fault and one would then
have to clean it up, unlike stealth updates which are caused by
upstream.
I think you're overstating the risk. The risk is that a short hash
won't be unique _within a project's repository_. You won't get
someone else's project. In that (unlikely) event, MacPort's
checksums will identify that you didn't get the right code. Minor
hassle while another character is added to the short hash if it
happens in our lifetime.
I'm not that good with statistics, but there are 26 alpha and 10
numeric characters available in each position. 7 positions is a
_lot_ of available hashes! I used 8--which gives 36 times as many
unique hashes.
Craig
(Just to prove I'm not good with stats: I have a ticket in tonight's
$50 M lottery. ;)
_______________________________________________
macports-dev mailing list
macports-dev@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo/macports-dev
