Re: [PATCH] use SHA-2 family hash for releases

From: Stefan Hett <stefan_at_egosoft.com>
Date: Fri, 24 Feb 2017 11:30:02 +0100

On 2/24/2017 6:26 AM, Daniel Shahaf wrote:
> Andreas Stieger wrote on Thu, Feb 23, 2017 at 21:08:43 +0100:
>> +++ tools/dist/release.py (working copy)
>> @@ -537,9 +537,9 @@ def roll_tarballs(args):
>>
>> shutil.move(filename, get_deploydir(args.base_dir))
>> filename = os.path.join(get_deploydir(args.base_dir), filename)
>> - m = hashlib.sha1()
>> + m = hashlib.sha512()
>> m.update(open(filename, 'r').read())
>> - open(filename + '.sha1', 'w').write(m.hexdigest())
>> + open(filename + '.sha512', 'w').write(m.hexdigest())
> Should we keep generating both .sha1 and .sha512 for a transition
> period?
>
IMO this would make sense. At least on Windows there are still several
tools to verify file integrity which don't support SHA-512 just yet (one
example [1]). Might pose another burden for some users to verify the
package integrity (which on Windows isn't a functionality build directly
into the OS unfortunately).

[1]
https://support.microsoft.com/en-us/help/841290/availability-and-description-of-the-file-checksum-integrity-verifier-utility

-- 
Regards,
Stefan Hett

Received on 2017-02-24 11:30:12 CET

This message: [ Message body ]
Next message: Stefan Sperling: "svnconflict build failure on Windows (was: Re: 1.10.0-alpha2 is up for signing)"
Previous message: Stefan Hett: "Re: New MaxSVN releases (incl. 1.8.17 and 1.9.5)"
In reply to: Daniel Shahaf: "Re: [PATCH] use SHA-2 family hash for releases"
Next in thread: Andreas Stieger: "Re: [PATCH] use SHA-2 family hash for releases"
Reply: Andreas Stieger: "Re: [PATCH] use SHA-2 family hash for releases"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]