> Am 23.10.2017 um 20:36 schrieb William A Rowe Jr <[email protected]>: > > HTTPD team, > > Since our downloads are to be authenticated by their .asc PGP > signatures, and the hashes simply serve as checksums, is it reasonable > to offer only MD5 and SHA256 at this point? > > Anyone without SHA256 (rare, I'd expect) can use MD5 as the simplest > supported checksum. All others should apply the strongest hash > validation. > > Thoughts? > > Bill
+1
