[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] use SHA-2 hashes for releases

From: Andreas Stieger <astieger_at_suse.com>
Date: Wed, 28 Jun 2017 09:05:46 +0200

Hello,

On 06/28/2017 07:42 AM, Daniel Shahaf wrote:
> Andreas Stieger wrote on Sat, 10 Jun 2017 12:24 +0200:
>> Found this laying around... maybe someone who previously made releases
>> could check it out.
>
> Any news about this patch? I have some pending tweaks to release.py and
> don't want to conflict.

No news.

> As I said about an earlier iteration: I think the main question is whether we
> want to provide both sha1 and sha2 hashes for a transition period. I.e., do
> we try for compatibility or force people to switch over to sha2.

Those that may fail to change their "verification" from sha-1 to sha-2
may not have been very useful in any kind of verification in the first
place. So unless there is a technical reason (which I do not see) I
would just change it.

Andreas

-- 
Andreas Stieger <astieger_at_suse.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton,
HRB 21284 (AG N├╝rnberg)

Received on 2017-06-28 09:06:12 CEST

This is an archived mail posted to the Subversion Dev mailing list.