incubator-general mailing list archives

From "Henk P. Penning" <penn...@uu.nl>
Subject Re: Digests in releases
Date Thu, 31 Aug 2017 13:15:18 GMT
On Wed, 30 Aug 2017, Julian Hyde wrote:

> Date: Wed, 30 Aug 2017 14:08:42 -0700
> From: Julian Hyde <jhyde@apache.org>
> To: general@incubator.apache.org
> Subject: Digests in releases
> 
> What is the correct forum for discussing release distribution policy?

> MD5 is no longer deemed secure[2]. I think we should remove it from
> our releases and mandate SHA256 or SHA512.

   Agree ; we should not require or recommend MD5.

   IMHO, discussions about "MD5 can be used for X but not for Y"
   are a waste of time ; they never stop and convince nobody.
   It is better to adopt something that we can agree on.

   What can we agree on ?

   -- SHA-1 : not as bad as MD5, but no longer considered secure
      by some ; https://en.wikipedia.org/wiki/SHA-1 ; skip
   -- SHA-256 : fine
   -- SHA-512 : fine

   So, I would suggest we pick SHA-256.

> Julian

   Regards,

   Henk Penning

------------------------------------------------------------   _
Henk P. Penning, ICT-beta                 R Uithof HFG-406   _/ \_
Faculty of Science, Utrecht University    T +31 30 253 4106 / \_/ \
Budapestlaan 6, 3584CD Utrecht, NL        F +31 30 253 4553 \_/ \_/
http://www.staff.science.uu.nl/~penni101/ M penning@uu.nl     \_/
