httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Ruggeri <drugg...@primary.net>
Subject Re: Simplify download distribution directory by dropping sha1 hashes?
Date Mon, 23 Oct 2017 22:18:45 GMT
+1
-- 
Daniel Ruggeri


-------- Original Message --------
From: William A Rowe Jr <wrowe@rowe-clan.net>
Sent: October 23, 2017 1:36:31 PM CDT
To: httpd <dev@httpd.apache.org>
Subject: Simplify download distribution directory by dropping sha1 hashes?

HTTPD team,

Since our downloads are to be authenticated by their .asc PGP
signatures, and the hashes simply serve as checksums, is it reasonable
to offer only MD5 and SHA256 at this point?

Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest
supported checksum. All others should apply the strongest hash
validation.

Thoughts?

Bill

Mime
View raw message