Opened 9 years ago
Closed 8 years ago
#50775 closed update (fixed)
haproxy: update to 1.6.3
Reported by: | relgames@… | Owned by: | sam@… |
---|---|---|---|
Priority: | Normal | Milestone: | |
Component: | ports | Version: | |
Keywords: | Cc: | ||
Port: | haproxy |
Description
$ port livecheck haproxy haproxy seems to have been updated (port version: 1.4.22, new version: 1.6.3)
Attachments (1)
Change History (6)
Changed 9 years ago by relgames@…
Attachment: | haproxy-1.6.3.diff added |
---|
comment:1 follow-up: 2 Changed 9 years ago by mf2k (Frank Schima)
Owner: | changed from macports-tickets@… to sam@… |
---|---|
Version: | 2.3.4 |
comment:2 Changed 9 years ago by relgames@…
Replying to mf2k@…:
A comment about the patch. The rmd160 and sha256 checksums need to stay. See the guide section about checksums. md5 is considered insecure but can be kept if upstream publishes it.
HAproxy download page has only MD5 hashes http://www.haproxy.org/download/1.6/src/ Meaning, rmd160 and sha256 will be calculated by me and not taken from the upstream.
If MD5 is insecure, what makes you think I can't be affected? Hashes calculated by me can't be validated by checking upstream download page, you'll need to either trust me or re-calculate hashes yourself. Do you still think I should do it?..
comment:3 Changed 9 years ago by danielluke (Daniel J. Luke)
The stronger hashes main function is to ensure that the file that an end-user operates on is the same file as the one the maintainer intended it to operate on.
comment:4 Changed 8 years ago by aphor (Jeremy McMillan)
Subsumed by #51492 [haproxy Portfile diff update 1.4.22 --> 1.6.5]
comment:5 Changed 8 years ago by l2dy (Zero King)
Resolution: | → fixed |
---|---|
Status: | new → closed |
Thanks. In the future, please Cc the port maintainers (
port info --maintainers haproxy
), if any.A comment about the patch. The rmd160 and sha256 checksums need to stay. See the guide section about checksums. md5 is considered insecure but can be kept if upstream publishes it.