Older OpenWRT releases won't get the new package (or the updates) anyway so breaking compatibility is not an issue.
Although using a misleading name is still an issue. In LEDE core repo that var was renamed into PKG_HASH and contains a SHA256sum. The LEDE buildsystem works with both variables https://github.com/lede-project/source/commit/7416d2e046b87b262b407f8af70b8dd9b2927c70 Some packages in OpenWRT feeds are being updated with PKG_HASH in addition to the MD5 var. https://github.com/openwrt/packages/commit/e73964fa8fae94473e9046dfd8fd505206b50ab3 I think the official way forward is to use PKG_HASH instead of placing a SHA256sum in a var called MD5. -Alberto On 01/05/2017 11:28 PM, Heinrich Schuchardt wrote: > Hello Hannu, > > why should a variable be called MD5 if it holds an SHA256 hash? That > does not make any sense. > > Could you, please, point me to the thread on the openwrt or lede list > that discussed this weird idea. > > Abusing the MD5 variable with SHA256 hashes will break compatibility > with older openwrt releases. > > If you want an SHA256 hash, please, use an SHA256 variable. > > This was already pointed out in > https://bugs.lede-project.org/index.php?do=details&task_id=326&order=id&sort=asc&order2=summary&sort2=desc > > Anyway it is safer to use multiple hashes. > > Best regards > > Heinrich Schuchardt > > > On 01/05/2017 11:05 PM, Hannu Nyman wrote: >> Could you please update the PR a bit and replace the MD5 hash with a >> SHA256 hash. >> >> (Leave the variable name as it is now, but replace the hash itself with >> the longer SHA256 hash.) >> >> Same goes for other packages that you maintaining. MD5 is being phased >> out, so please use SHA256 when issuing updates as PRs. >> > > _______________________________________________ Lede-dev mailing list Lede-dev@lists.infradead.org http://lists.infradead.org/mailman/listinfo/lede-dev
