On Tue, Jul 2, 2013 at 1:08 PM, Ryan Schmidt wrote: > > The solution is for upstream to cease using md5 as their distfile integrity > verification method and switch to an algorithm that does not have such > vulnerabilities.
http://hypernews.slac.stanford.edu/HyperNews/geant4/get/installconfig/1569/1.html Citing Ben Morgan: We will look at publishing these hashes for the source/data bundles on the website, but cmake/Modules/Geant4DatasetDefinitions.cmake will have to remain using MD5 for know because that is all CMake supports in ExternalProject and file over the cmake version range we have to support. We'll keep that under review though. (It seems that only CMake 2.8.10 or 2.8.11 - not sure which one - supports hashes other than MD5, see https://github.com/Kitware/CMake/commit/beb8a8309bc0ce08e4884a59329607ac09c322ac. And that version is relatively new.) Mojca _______________________________________________ macports-dev mailing list [email protected] https://lists.macosforge.org/mailman/listinfo/macports-dev
