unread
In phar default signature is still SHA-1
which is no more considered add secure
Proposal: switch to SHA256 by default
https://github.com/php/php-src/pull/7341
Old algo are not removed, at least they
are required to check old archives.
Perhaps could make sense to raise a warning
when used
In smp, auth protocol only support MD5 and SHA-1
rfc-7860 recommends SHA256 and SHA512
https://github.com/php/php-src/pull/7342
As minor self-contained change, probably don't
worth an RFC.
Please comment on PR
Remi