On 09/18/2018 02:52 PM, William A Rowe Jr wrote:
> Note that in moderation of annou...@apache.org <mailto:annou...@apache.org>, 
> I received the following response;
>> MD5 and SHA1 hashes have been deprecated for some time on download pages (*)
>> Please update the download page(s) to remove these.
>> (*) http://www.apache.org/dev/release-distribution#sigs-and-sums
> Are we concerned with retaining either-or MD5 or SHA1 for legacy architecture 
> users? As we integrate to openssl 0.9.8+,
> and those all have an `openssl sha256` facility, it seems like the concern is 
> pretty obscure.

Sounds reasonable.

> Do we have an opinion on offering both sha256 + sha512? Only one or the 
> other, and if so, which?

Does offering both create additional work?



Reply via email to