Whenever Free Software/Open Source legal folks are examining the Tahoe-LAFS source code, it seems like there has to be a discussion and documentation about every single licensing declaration. Since this one is (was) permissive, then you would think it could be avoided, but I'm not betting on it. We would probably have to install a copy of the MIT licence into every one of the "copyright" files under the debian/ subdirectory, for example. So: let's just let hashbasedsig.py be licensed the same way as the rest of Tahoe-LAFS.
#!python
-# MIT or any Tahoe license.
# range of hash output lengths
range_L_hash = [128]