Posted to docs@httpd.apache.org by Luca Toscano <to...@gmail.com> on 2016/01/02 17:45:36 UTC

MD5/SHA1 signatures for Apache Releases

Hi Apache devs!

I am trying to contribute to the httpd project following up with some
Documentation tasks in bz.apache.org, so please be patient with me if the
question is trivial :)

This bug is interesting:
https://bz.apache.org/bugzilla/show_bug.cgi?id=55808

Would it make sense to remove MD5/SHA1 in favour of PGP only or PGP/SHA256?
I'd like your opinion before resolving as "wontfix" or changing the docs.

Thanks!

Luca

Re: MD5/SHA1 signatures for Apache Releases

Posted by Ruediger Pluem <rp...@apache.org>.

On 01/02/2016 05:45 PM, Luca Toscano wrote:
> Hi Apache devs!
> 
> I am trying to contribute to the httpd project following up with some Documentation tasks in bz.apache.org
> <http://bz.apache.org>, so please be patient with me if the question is trivial :)
> 
> This bug is interesting: https://bz.apache.org/bugzilla/show_bug.cgi?id=55808
> 
> Would it make sense to remove MD5/SHA1 in favour of PGP only or PGP/SHA256? I'd like your opinion before resolving as
> "wontfix" or changing the docs.

MD5 and SHA1 still have use cases. You can still use them to check easily that your download is complete and wasn't
corrupted by any accidental network foo. Of course they are not safe for verifying that no one tampered with the downloads on
purpose. This is what the PGP signature is for.

Regards

Rüdiger
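
The distinction drawn in the reply above, as an added example that is not part of the original thread: a checksum file served next to the download catches accidental damage, but whoever can change the download can regenerate the checksum files too. The `mirror` dictionary and the `release.tar.gz` file names are constructed stand-ins, not real httpd artifacts.

```python
import hashlib


def publish(artifact: bytes) -> dict:
    """Constructed stand-in for a mirror: the release plus its checksum files."""
    return {
        "release.tar.gz": artifact,
        "release.tar.gz.md5": hashlib.md5(artifact).hexdigest(),
        "release.tar.gz.sha1": hashlib.sha1(artifact).hexdigest(),
    }


def checksums_match(mirror: dict, received: bytes) -> bool:
    """What a downloader does: hash the received bytes and compare them
    with the digests published in the same place as the download."""
    return (
        hashlib.md5(received).hexdigest() == mirror["release.tar.gz.md5"]
        and hashlib.sha1(received).hexdigest() == mirror["release.tar.gz.sha1"]
    )


def corrupt_in_transit(data: bytes) -> bytes:
    """Accidental damage: one flipped bit and a truncated tail."""
    damaged = bytearray(data[:-3])
    damaged[0] ^= 0x01
    return bytes(damaged)


# Constructed sample data.
ORIGINAL = b"constructed sample release contents\n" * 64
mirror = publish(ORIGINAL)

# Case 1: clean download, digests agree.
clean_ok = checksums_match(mirror, ORIGINAL)

# Case 2: accidental corruption, digests disagree and the download is rejected.
corrupted_ok = checksums_match(mirror, corrupt_in_transit(ORIGINAL))

# Case 3: the content on the mirror was changed and the checksum files were
# regenerated along with it. The check passes, because the digests carry no
# proof of who produced them. Only a signature made with a key the mirror
# does not hold (the PGP signature) would fail here.
tampered_mirror = publish(ORIGINAL + b"unexpected change\n")
tampered_ok = checksums_match(tampered_mirror, tampered_mirror["release.tar.gz"])

if __name__ == "__main__":
    print("clean download accepted:    ", clean_ok)
    print("corrupted download accepted:", corrupted_ok)
    print("tampered download accepted: ", tampered_ok)
```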

