2017-10-23 20:36 GMT+02:00 William A Rowe Jr <wr...@rowe-clan.net>: > HTTPD team, > > Since our downloads are to be authenticated by their .asc PGP > signatures, and the hashes simply serve as checksums, is it reasonable > to offer only MD5 and SHA256 at this point? > > Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest > supported checksum. All others should apply the strongest hash > validation. > > Thoughts? >
+1, I'd also get rid of MD5 since I don't expect anybody relying on it but I might be wrong :) Luca
