Hi Pádraig,
> I also removed the addition to --help
> (and consequently the man page), as I think it's overkill.
It's common to list important issues with a program or function
in the BUGS section of the manual page. For example,
$ man 3 tempnam
...
BUGS
...
Never use this function. Use mkstemp(3) or tmpfile(3) instead.
In particular if the use of a program may have severe security implications,
I would expect to know about it from the manual page.
> If we were to add something to --help it should
> probably be also done for sha1sum
The attacks on SHA-1 are less advanced than those on MD5, currently.
But if you would warn against use of SHA-1 also, please go ahead.
> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
> Author: Bruno Haible <[email protected]>
> Date: Tue Aug 10 01:56:36 2010 +0100
>
> doc: improve the info on md5sum security weaknesses
>
> * doc/coreutils.texi (md5sum invocation): Mention currently known
> security problems. Don't recommend SHA-1 as alternative.
> Reported by Simon Josefsson
You haven't pushed this so far, I think?
Bruno
