Serving over HTTPS is very easy nowadays, thanks to Let's Encrypt. Nonetheless, it may take some time for all mirrors to switch to it.
Switching to SHA-256 hashes is a much more trivial change, which can be rolled out almost overnight.

In the same vein, on the download page only MD5 hashes are listed for the binary distribution. Not that I expect the average user to check those (just today I did exactly that: download the binary for 7.6 from a mirror, and run it without checking the hash... and I'm one of those cryptographers William's talking about!). HTTPS would be much more important there.

Luca
