We've been moving towards `better' checksums in ports, namely the addition
of sha256 as a slightly more secure hash.

Consequently, though, there's a big cost in terms of distinfo file sizes.
To limit that, thanks to Todd Miller, cksum now supports the creation 
and the reading of base64-encoded signatures, e.g.
$ cksum -a md5 screen-4.0.3.tar.gz
MD5 (screen-4.0.3.tar.gz) = 8506fd205028a96c741e4037de6e3c42
$ cksum -b -a md5 screen-4.0.3.tar.gz
MD5 (screen-4.0.3.tar.gz) = hQb9IFAoqWx0HkA33m48Qg==

Most of this is actually transparent. cksum will indifferently verify
hex signatures, or base64 signatures.

This requires a -current cksum(1), though.

Accordingly, the ports infrastructure has been tweaked to handle both
kinds of signature as well, so that we can switch pretty much when we want.

There's the issue of mirrors and mirror-maker: current mirror-maker copies
the checksum line along with the old variables, and fetch-all will reflect
the change any time now. I'm going to coordinate with Bob Beck so that
we don't get stuck with ftp.openbsd.org no longer mirroring distfiles.


So, at some point in the near future, we will switch. People working on
ports are highly encouraged to update to the new tools.

In the slightly more distant future, Simon Dassow, Todd Miller and I are
working on re-using the libcrypto ssl functions directly from perl as an XS
extension, and then providing stub code that would give us the exact same
interface as the various Digest::SHA* modules from CPAN, without needing
to re-compile the crypto-hashes functions again... at which point we'll
probably switch pkg_add to sha256 sigs in base64 as well.
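
An added example, not part of the original message and not the cksum or ports code: a Python sketch of a verifier that accepts either encoding of a checksum line, shown on the two MD5 lines quoted above. The function names, the sample data, and the choice to tell the encodings apart by length are assumptions of this example.

```python
import base64
import hashlib
import hmac
import re

# BSD-style line as printed by cksum: "ALGO (filename) = digest"
LINE_RE = re.compile(r"^(\w+) \((.+)\) = (\S+)$")

# The two lines quoted in the message above.
HEX_LINE = "MD5 (screen-4.0.3.tar.gz) = 8506fd205028a96c741e4037de6e3c42"
B64_LINE = "MD5 (screen-4.0.3.tar.gz) = hQb9IFAoqWx0HkA33m48Qg=="

def parse_line(line):
    """Return (algo, filename, raw digest bytes) from a hex or base64 line."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not a checksum line: %r" % line)
    algo, name, text = m.groups()
    size = hashlib.new(algo.lower()).digest_size
    # Hex digits are also valid base64 characters, so the alphabet cannot
    # tell the encodings apart; the length for a known digest size can.
    if len(text) == 2 * size:
        raw = bytes.fromhex(text)
    elif len(text) == 4 * ((size + 2) // 3):
        raw = base64.b64decode(text, validate=True)
    else:
        raise ValueError("unexpected digest length for " + algo)
    if len(raw) != size:
        raise ValueError("decoded digest has wrong size for " + algo)
    return algo, name, raw

def format_line(algo, name, data, b64=False):
    """Build a checksum line for data in either encoding."""
    raw = hashlib.new(algo.lower(), data).digest()
    text = base64.b64encode(raw).decode() if b64 else raw.hex()
    return "%s (%s) = %s" % (algo, name, text)

def verify(line, data):
    """Check data against a checksum line, whichever encoding it uses."""
    algo, _name, expected = parse_line(line)
    actual = hashlib.new(algo.lower(), data).digest()
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    sample = b"constructed sample distfile contents\n"  # constructed input
    for b64 in (False, True):
        line = format_line("SHA256", "sample.tar.gz", sample, b64)
        print(line, "->", verify(line, sample))
    print(parse_line(HEX_LINE)[2] == parse_line(B64_LINE)[2])
```

For SHA256 the digest field shrinks from 64 hex characters to 44 base64 characters, while the bytes being compared stay the same.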
