Sounds reasonable to me. Regards
Rüdiger > -----Ursprüngliche Nachricht----- > Von: William A Rowe Jr [mailto:wr...@rowe-clan.net] > Gesendet: Montag, 23. Oktober 2017 20:37 > An: httpd <dev@httpd.apache.org> > Betreff: Simplify download distribution directory by dropping sha1 > hashes? > > HTTPD team, > > Since our downloads are to be authenticated by their .asc PGP > signatures, and the hashes simply serve as checksums, is it reasonable > to offer only MD5 and SHA256 at this point? > > Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest > supported checksum. All others should apply the strongest hash > validation. > > Thoughts? > > Bill