develooper Front page | perl.perl5.porters | Postings from February 2022

Re: Perl 5.35.8 is available

Thread Previous | Thread Next
Michiel Beijen
February 2, 2022 17:04
Re: Perl 5.35.8 is available
Message ID:
On Fri, Jan 21, 2022 at 3:55 AM Dennis Clarke via perl5-porters
<> wrote:
> On 1/20/22 17:53, Nicolas R. wrote:
> > SHA1 digests for this release are:
> >
> >   ae216761e14aaa0f052a8d97c8543d13c133d3de perl-5.35.8.tar.gz
> >   d674bd65ac949492728c19d5e25c63eac05023fc perl-5.35.8.tar.xz
> Why use the old ( and somewhat broken ) SHA1 for message digests?
> The new ( and not broken ) SHA256 or even SHA3-256 would get the
> job done just fine.  Everyone has these in any recent OpenSSL as
> message digest options.

Hi Dennis,
I decided to check into this, and found that the shasums in the
release announcement are taken from PAUSE, the Perl Authors Upload

So I sent a patch to PAUSE to use SHA256 and to remove the SHA1 and
MD5sums, which got applied and deployed within hours!
Then I went ahead and updated the Perl releasers instructions to
update the text in the PORTING instructions, which was also merged
very quickly -->

So the next perl release announcement will now have SHA256, thanks to
your suggestion and to the responsive PAUSE and Perl maintainers!


Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About