On 3/18/20 2:44 PM, jean-frederic clere wrote:
> On 18/03/2020 11:09, Ruediger Pluem wrote:
>>
>>
>> On 3/18/20 9:36 AM, [email protected] wrote:
>>> Author: jfclere
>>> Date: Wed Mar 18 08:36:46 2020
>>> New Revision: 1875349
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1875349&view=rev
>>> Log:
>>> Add sha512
>>>
>>> Modified:
>>> httpd/site/trunk/tools/roll.sh
>>>
>>> Modified: httpd/site/trunk/tools/roll.sh
>>> URL:
>>> http://svn.apache.org/viewvc/httpd/site/trunk/tools/roll.sh?rev=1875349&r1=1875348&r2=1875349&view=diff
>>> ==============================================================================
>>> --- httpd/site/trunk/tools/roll.sh (original)
>>> +++ httpd/site/trunk/tools/roll.sh Wed Mar 18 08:36:46 2020
>>> @@ -103,9 +103,11 @@ openssl="`which openssl 2> /dev/null | h
>>> md5sum="`which md5sum 2> /dev/null | head -1`"
>>> sha1sum="`which sha1sum 2> /dev/null | head -1`"
>>> sha256sum="`which sha256sum 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>> md5="`which md5 2> /dev/null | head -1`"
>>> sha1="`which sha1 2> /dev/null | head -1`"
>>> sha256="`which sha256 2> /dev/null | head -1`"
>>> +sha512sum="`which sha512sum 2> /dev/null | head -1`"
>>
>> Should the above be sha512 instead of sha512sum?
>>
>> Are we sure that openssl / gpg are capable of sha512 for a reasonable span
>> of versions or is it worth checking for a
>> minimal version?
>
> gpg looks good, openssl > 1.0.0 is good too and 10 years old no?
That should be sufficient without further testing.
Regards
Rüdiger
