On 14/08/10 18:19, Bruno Haible wrote: > Hi Pádraig, > >> I also removed the addition to --help >> (and consequently the man page), as I think it's overkill. > > It's common to list important issues with a program or function > in the BUGS section of the manual page. For example, > > $ man 3 tempnam > ... > BUGS > ... > Never use this function. Use mkstemp(3) or tmpfile(3) instead. > > In particular if the use of a program may have severe security implications, > I would expect to know about it from the manual page.
OK cool. I was thinking that warnings would be more appropriate in library docs rather than the user util, but I will add the warning to BUGS in man/md5sum.x and leave --help unchanged. >> If we were to add something to --help it should >> probably be also done for sha1sum > > The attacks on SHA-1 are less advanced than those on MD5, currently. > But if you would warn against use of SHA-1 also, please go ahead. > >> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd >> Author: Bruno Haible <[email protected]> >> Date: Tue Aug 10 01:56:36 2010 +0100 >> >> doc: improve the info on md5sum security weaknesses >> >> * doc/coreutils.texi (md5sum invocation): Mention currently known >> security problems. Don't recommend SHA-1 as alternative. >> Reported by Simon Josefsson > > You haven't pushed this so far, I think? I only added it to my local queue in case there was feedback on my amendments. I will apply the update now. thanks, Pádraig.
