2017-10-23 20:36 GMT+02:00 William A Rowe Jr <wr...@rowe-clan.net>:

> HTTPD team,
>
> Since our downloads are to be authenticated by their .asc PGP
> signatures, and the hashes simply serve as checksums, is it reasonable
> to offer only MD5 and SHA256 at this point?
>
> Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest
> supported checksum. All others should apply the strongest hash
> validation.
>
> Thoughts?
>

+1, I'd also get rid of MD5 since I don't expect anybody relying on it but
I might be wrong :)

Luca

Reply via email to