On 2017-02-23, Marc Espie <[email protected]> wrote:
> Talking from the ports side, ports and packages moved to SHA256
> back in 2007/2008.
To be expressly clear: Marc is referring to the ports and packages
infrastructure here. The packaged third-party software still
contains many uses of SHA1; some may be harmless, some are embedded
into protocols that can't be easily changed.
> Ports distinfo made it the only default in 2007, and pkg tools moved straight
> from md5 to sha1.
^^^^^^^
to sha256
(Unfortunate typo.)
--
Christian "naddy" Weisgerber [email protected]
