https://wiki.php.net/rfc/release-md5-deprecation
Primary discussion points: Deprecate or Remove? Deprecate for how long?
https://wiki.php.net/rfc/release-md5-deprecation
Primary discussion points: Deprecate or Remove? Deprecate for how long?
No response from my post last week, bumping at a different time of day
to get response.
-Sara
2017-06-05 16:42 GMT+02:00 Sara Golemon pollita@php.net:
https://wiki.php.net/rfc/release-md5-deprecation
Primary discussion points: Deprecate or Remove? Deprecate for how long?
No response from my post last week, bumping at a different time of day
to get response.
I think I responded, but maybe only on Twitter. I'm definitely in favor of
removing them.
I think it would be good to add at least SHA-256 checksums for the older
releases.
Regards, Niklas
2017-06-05 16:42 GMT+02:00 Sara Golemon pollita@php.net:
https://wiki.php.net/rfc/release-md5-deprecation
Primary discussion points: Deprecate or Remove? Deprecate for how long?
No response from my post last week, bumping at a different time of day
to get response.I think I responded, but maybe only on Twitter. I'm definitely in favor of
removing them.I think it would be good to add at least SHA-256 checksums for the older
releases.
That's not a terrible idea. I'll script something up to download,
verify gpg if it's available (verify existing m5 if it's not), and
generate a sha256 from it resulting in a diff to
web-php/include/releases.inc . Can do that irrespective of whether or
not we stop adding md5s.
-Sara
That's not a terrible idea. I'll script something up to download,
verify gpg if it's available (verify existing m5 if it's not), and
generate a sha256 from it resulting in a diff to
web-php/include/releases.inc . Can do that irrespective of whether or
not we stop adding md5s.
We also got MD5 checksums over at the QA site, but I recently (like a
year ago) added SHA-256 checksums there, so it should be really easy
to get rid of the MD5s
--
regards,
Kalle Sommer Nielsen
kalle@php.net
That's not a terrible idea. I'll script something up to download,
verify gpg if it's available (verify existing m5 if it's not), and
generate a sha256 from it resulting in a diff to
web-php/include/releases.inc . Can do that irrespective of whether or
not we stop adding md5s.We also got MD5 checksums over at the QA site, but I recently (like a
year ago) added SHA-256 checksums there, so it should be really easy
to get rid of the MD5s
BTW, a point came up on the RMs list to back-supply SHA256 checksums
for old releases. I'm tossing together a script to download, verify
(GPG where possible, MD5 where not), then generating a new SHA256 and
committing the additions to web-php/include/releases.inc
I'll try to get that done asap (gated by download speed, essentially).
-Sara
Le 30/05/2017 à 06:27, Sara Golemon a écrit :
https://wiki.php.net/rfc/release-md5-deprecation
Primary discussion points: Deprecate or Remove? Deprecate for how long?
+1 for dropping md5 checksums for 7.2 releases
And I don't think adding sha256 for old releases (which are unsecure)
worth the work.
Remi.
Le 30/05/2017 à 06:27, Sara Golemon a écrit :
https://wiki.php.net/rfc/release-md5-deprecation
Primary discussion points: Deprecate or Remove? Deprecate for how long?
+1 for dropping md5 checksums for 7.2 releases
And I don't think adding sha256 for old releases (which are unsecure)
worth the work.
Too late: https://github.com/php/web-php/commit/c9224979fe2c56cda84cca664b7eed34df79e16d
I also added a few more commits to account for some places where we're
assuming an md5 checksum will be present.
-Sara