On Tue, Oct 24, 2017 at 2:50 AM, Luca Toscano <toscano.l...@gmail.com> wrote:
> 2017-10-23 20:36 GMT+02:00 William A Rowe Jr <wr...@rowe-clan.net>:
>> HTTPD team,
>> Since our downloads are to be authenticated by their .asc PGP
>> signatures, and the hashes simply serve as checksums, is it reasonable
>> to offer only MD5 and SHA256 at this point?
>> Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest
>> supported checksum. All others should apply the strongest hash
>> validation.
>> Thoughts?
> +1, I'd also get rid of MD5 since I don't expect anybody relying on it but I
> might be wrong :)

As much as I'd like to, it wasn't long ago I was still building httpd on HP/UX,
AIX and other oddballs. Having some old-school hash while httpd still
compiles on those boxes seems rational.

Reply via email to