develooper Front page | perl.perl5.porters | Postings from February 2022

Re: Perl 5.35.8 is available

Thread Previous
Dennis Clarke via perl5-porters
February 2, 2022 12:22
Re: Perl 5.35.8 is available
Message ID:
On 2/2/22 03:00, Michiel Beijen wrote:
> On Fri, Jan 21, 2022 at 3:55 AM Dennis Clarke via perl5-porters
> <> wrote:
>> On 1/20/22 17:53, Nicolas R. wrote:
>>> SHA1 digests for this release are:
>>>    ae216761e14aaa0f052a8d97c8543d13c133d3de perl-5.35.8.tar.gz
>>>    d674bd65ac949492728c19d5e25c63eac05023fc perl-5.35.8.tar.xz
>> Why use the old ( and somewhat broken ) SHA1 for message digests?
>> The new ( and not broken ) SHA256 or even SHA3-256 would get the
>> job done just fine.  Everyone has these in any recent OpenSSL as
>> message digest options.
> Hi Dennis,
> I decided to check into this, and found that the shasums in the
> release announcement are taken from PAUSE, the Perl Authors Upload
> SErver.
> So I sent a patch to PAUSE to use SHA256 and to remove the SHA1 and
> MD5sums, which got applied and deployed within hours!
> Then I went ahead and updated the Perl releasers instructions to
> update the text in the PORTING instructions, which was also merged
> very quickly -->
> So the next perl release announcement will now have SHA256, thanks to
> your suggestion and to the responsive PAUSE and Perl maintainers!

Excellent and thank you very much. I did note that the primary source
tarball server does provide SHA256 hash data and looks like it always
has for years :

Of course it just seemed odd to me that md5 and sha1 were in the actual
release announcement email.

Thank  you for the update Sir.

Dennis Clarke
UNIX and Linux spoken
GreyBeard and suspenders optional

Thread Previous Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About