On Fri, Jan 21, 2022 at 3:55 AM Dennis Clarke via perl5-porters <perl5-porters@perl.org> wrote:
>
> On 1/20/22 17:53, Nicolas R. wrote:
> > SHA1 digests for this release are:
> >
> > ae216761e14aaa0f052a8d97c8543d13c133d3de perl-5.35.8.tar.gz
> > d674bd65ac949492728c19d5e25c63eac05023fc perl-5.35.8.tar.xz
>
> Why use the old ( and somewhat broken ) SHA1 for message digests?
> The new ( and not broken ) SHA256 or even SHA3-256 would get the
> job done just fine. Everyone has these in any recent OpenSSL as
> message digest options.

Hi Dennis,

I decided to check into this, and found that the shasums in the release announcement are taken from PAUSE, the Perl Authors Upload SErver.

So I sent a patch to PAUSE to use SHA256 and to remove the SHA1 and MD5sums, which got applied and deployed within hours!
https://github.com/andk/pause/pull/379

Then I went ahead and updated the Perl releasers instructions to update the text in the PORTING instructions, which was also merged very quickly
--> https://github.com/Perl/perl5/pull/19386

So the next perl release announcement will now have SHA256, thanks to your suggestion and to the responsive PAUSE and Perl maintainers!

--
Michiel