Andrew Rowley wrote:
On 3/04/2018 9:21 PM, John Eells wrote:

If you have a requirement for packages signed with strong algorithms,
please open an RFE.

Is the SMP/E package signed, or just checksummed? A stronger hash is no
real value if the hash itself can be substituted because it is not
cryptographically signed.

They are not signed today.

The point of my wording was that, if we do sign them eventually, we probably shouldn't sign them using SHA-1 or something equally weak.

John Eells
IBM Poughkeepsie

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to with the message: INFO IBM-MAIN

Reply via email to