Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:99382 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 36716 invoked from network); 5 Jun 2017 19:42:18 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 5 Jun 2017 19:42:18 -0000 Authentication-Results: pb1.pair.com smtp.mail=php@golemon.com; spf=softfail; sender-id=softfail Authentication-Results: pb1.pair.com header.from=php@golemon.com; sender-id=softfail Received-SPF: softfail (pb1.pair.com: domain golemon.com does not designate 74.125.82.47 as permitted sender) X-PHP-List-Original-Sender: php@golemon.com X-Host-Fingerprint: 74.125.82.47 mail-wm0-f47.google.com Received: from [74.125.82.47] ([74.125.82.47:36942] helo=mail-wm0-f47.google.com) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id 35/C7-27119-814B5395 for ; Mon, 05 Jun 2017 15:42:16 -0400 Received: by mail-wm0-f47.google.com with SMTP id d73so32494528wma.0 for ; Mon, 05 Jun 2017 12:42:16 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=golemon-com.20150623.gappssmtp.com; s=20150623; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=oL7BKZnpT1pruPLQBijj1G3EtZHmquELgKofI75W8Fs=; b=Ly7bintctJkSMkifa3bjFxdHLX6F8yPG/9Z57U4qUhBYYaE/Nhh4JshWX87DKD3Xf5 Tmr3oFd81TW+2ZUQOYToWyVo9i8OxSJgyticYaJJclG13ZZg9kICLvPuSEon+uqnvuYo MKaSuczvyXUixGEAEhipGuL+I0KtSb4KTg/88p//Z1wnh2Fa6s7jV7ClLEDf8CENDsdl VFUT6t/J6W8QzUmwUNhf5VrVSppO8lBTT/eHUPRuJ8FjiA7Tk10PuQ7STWL6Bf1kTn6v nUcSN0/neazso/EJV8BNIT0u1E5gUMQe7e/sdwDH3XFHMiKMBZPZJRgnGOfkJFwZKDmA brog== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=oL7BKZnpT1pruPLQBijj1G3EtZHmquELgKofI75W8Fs=; b=UzkmUGTWFLCRrT4HR6fjEx465e8K25HNnGDfT1iAhOMSuuvXIB6GnaNsJzs1WwB+9C 5NH56LIpHGwtXxaYPpJTRcluo5So6W99QVE8VSEVOiz4qOiPCus4FUJGnCPchGYkV4ED zVWQU0TZhvVeZTAErNjJgF/ErErYPfcl0BJBOZOozhflUvXIIC5faEngpNse4QPBlGcG X/1xf4XgtYbypxBD1bIiGuVDYWsfuInZeOz1mVnPDJUgwPKiPrup6Vh3n5mmpmPuAsO5 PxoR9RHfZi6AoQxqsxped+phqlfLFWPuuHLvdLFFnxWlXem346JGP4Rbf+SRnCOcgSnN SVIg== X-Gm-Message-State: AODbwcAS/pQF0Iuk1gPG3wMc8lcuOD/hkO1QwIumrBi8JlhRwrKZjBsk Cn9NlqrCudRFRge2HoYW1xwE5H4SSrrv X-Received: by 10.28.126.210 with SMTP id z201mr8905074wmc.75.1496691733647; Mon, 05 Jun 2017 12:42:13 -0700 (PDT) MIME-Version: 1.0 Sender: php@golemon.com Received: by 10.223.169.209 with HTTP; Mon, 5 Jun 2017 12:42:13 -0700 (PDT) X-Originating-IP: [74.113.166.198] In-Reply-To: References: Date: Mon, 5 Jun 2017 15:42:13 -0400 X-Google-Sender-Auth: VMwQJFQhu816x-etgWuPMIDoh84 Message-ID: To: Kalle Sommer Nielsen Cc: Niklas Keller , PHP internals Content-Type: text/plain; charset="UTF-8" Subject: Re: [PHP-DEV] Re: [RFC][Release Process] Deprecate/Remove MD5 checksums From: pollita@php.net (Sara Golemon) On Mon, Jun 5, 2017 at 2:56 PM, Kalle Sommer Nielsen wrote: >> That's not a terrible idea. I'll script something up to download, >> verify gpg if it's available (verify existing m5 if it's not), and >> generate a sha256 from it resulting in a diff to >> web-php/include/releases.inc . Can do that irrespective of whether or >> not we stop adding md5s. > > We also got MD5 checksums over at the QA site, but I recently (like a > year ago) added SHA-256 checksums there, so it should be really easy > to get rid of the MD5s > BTW, a point came up on the RMs list to back-supply SHA256 checksums for old releases. I'm tossing together a script to download, verify (GPG where possible, MD5 where not), then generating a new SHA256 and committing the additions to web-php/include/releases.inc I'll try to get that done asap (gated by download speed, essentially). -Sara