Change to SHA1 signatures

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Change to SHA1 signatures

Tom Chiverton
I didn't notice till recently but the Apache policy [1] has been updated, and
the use of SHA1 checksums over MD5 is now being encouraged.

Is this a massive change to our build script ?

    [1] http://www.apache.org/dev/release-distribution
--
Tom
Apache Flex


Reply | Threaded
Open this post in threaded view
|

Re: Change to SHA1 signatures

Justin Mclean
Administrator
Hi,

> Is this a massive change to our build script ?

It’s a minor change and/or can be done manually.

Thanks,
Justin
Reply | Threaded
Open this post in threaded view
|

Re: Change to SHA1 signatures

Alex Harui-2
In reply to this post by Tom Chiverton
Royale made the switch to SHA-512 in this commit:

https://github.com/apache/royale-asjs/commit/56bf90ca100dbdf91b8965b60382ea
9e7a2816fb#diff-2cccd7bf48b7a9cc113ff564acd802a8

Volunteers are welcome to use it as the basis for changing over Flex.

HTH,
-Alex

On 3/6/18, 2:41 AM, "Tom Chiverton" <[hidden email]> wrote:

>I didn't notice till recently but the Apache policy [1] has been updated,
>and
>the use of SHA1 checksums over MD5 is now being encouraged.
>
>Is this a massive change to our build script ?
>
>    [1]
>https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.apache
>.org%2Fdev%2Frelease-distribution&data=02%7C01%7Caharui%40adobe.com%7C6f72
>5248ab7940b69c5b08d5834ec5ac%7Cfa7b1b5a7b34438794aed2c178decee1%7C0%7C0%7C
>636559296697682275&sdata=LvEjRBgirl%2Bzv19dJWBWMt2MX%2FaCcApjiJee2VXb38A%3
>D&reserved=0
>--
>Tom
>Apache Flex
>
>