On 09/18/2018 02:52 PM, William A Rowe Jr wrote:
> Note that in moderation of annou...@apache.org <mailto:annou...@apache.org>,
> I received the following response;
>
>> MD5 and SHA1 hashes have been deprecated for some time on download pages (*)
>>
>> Please update the download page(s) to remove these.
>>
>> (*) http://www.apache.org/dev/release-distribution#sigs-and-sums
>
> Are we concerned with retaining either-or MD5 or SHA1 for legacy architecture
> users? As we integrate to openssl 0.9.8+,
> and those all have an `openssl sha256` facility, it seems like the concern is
> pretty obscure.
Sounds reasonable.
>
> Do we have an opinion on offering both sha256 + sha512? Only one or the
> other, and if so, which?
Does offering both create additional work?
Regards
RĂ¼diger
