Re: [PATCH] use SHA-2 hashes for releases

From: Andreas Stieger <astieger_at_suse.com>
Date: Wed, 28 Jun 2017 09:05:46 +0200

Hello,

On 06/28/2017 07:42 AM, Daniel Shahaf wrote:
> Andreas Stieger wrote on Sat, 10 Jun 2017 12:24 +0200:
>> Found this laying around... maybe someone who previously made releases
>> could check it out.
>
> Any news about this patch? I have some pending tweaks to release.py and
> don't want to conflict.

No news.

> As I said about an earlier iteration: I think the main question is whether we
> want to provide both sha1 and sha2 hashes for a transition period. I.e., do
> we try for compatibility or force people to switch over to sha2.

Those that may fail to change their "verification" from sha-1 to sha-2
may not have been very useful in any kind of verification in the first
place. So unless there is a technical reason (which I do not see) I
would just change it.

Andreas

-- 
Andreas Stieger <astieger_at_suse.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

application/pgp-signature attachment: OpenPGP digital signature

Received on 2017-06-28 09:06:12 CEST

This message: [ Message body ]
Next message: Stefan Hett: "absence over the past few months"
Previous message: Daniel Shahaf: "Re: [PATCH] use SHA-2 hashes for releases"
In reply to: Daniel Shahaf: "Re: [PATCH] use SHA-2 hashes for releases"
Next in thread: Daniel Shahaf: "Re: [PATCH] use SHA-2 hashes for releases"
Reply: Daniel Shahaf: "Re: [PATCH] use SHA-2 hashes for releases"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]