https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7618
--- Comment #14 from RW <rwmailli...@googlemail.com> ---
(In reply to Kevin A. McGrail from comment #9)
> I have not done a threat model on the weakness in sha1 sig's and why their
> weakness presents a risk either to rules or distributions but the policy[1]
> is very clear.

The wording is "SHOULD NOT supply a MD5 or SHA-1 checksum file", using the
terminology of RFC 2119:

"SHOULD NOT   This phrase, or the phrase "NOT RECOMMENDED" mean that
 there may exist valid reasons in particular circumstances when the
 particular behavior is acceptable or even useful, but the full
 implications should be understood and the case carefully weighed
 before implementing any behavior described with this label."

--
You are receiving this mail because:
You are the assignee for the bug.