On Feb 1, 2016, at 4:36 PM, René J.V. Bertin <[email protected]> wrote:
> How likely is it that two files would have the same oldchecksum

not very

> but a different newchecksum? Probably very small for sha256, but the shorter
> the hash, the larger that likelihood. That still won't be an issue for most
> ports that only have checksums for a single file. Still, you'd probably want
> to know all old checksums of all (old) distfiles, and the corresponding new
> ones to check for aliasing before you start replacing.

sure. I'd be willing to wager we've never had a hash collision, though.

> A better non-trivial example than my KF5 Frameworks Portfile would be
> mcalhoun's port:qt5 Portfile. I'm not sure you need to connect the checksums
> with the distfile/subport in the Portfile (as opposed to in memory only), but
> that would probably be a challenge for this kind of coding.

I would advocate a "worse is better" approach here. A very simple substitution intended for a maintainer to run, something like `port checksum --stage-update foo` that can then be verified and committed.

Maybe this doesn't work (or doesn't work well) for complicated portfiles - but if it's a 90% solution that covers most ports, it's still a win (and if it enables people to write less complicated portfiles, since they were just trying to make it easier to update their ports, that's a win too).

In fact, I would propose that the existence of complicated portfiles is evidence of features in base that are missing that maintainers desire.

--
Daniel J. Luke
