Oleg, Let's check what's used at another popular Apache Projects.
On Wed, Jul 26, 2017 at 11:10 PM, Dmitry Pavlov <dpavlov....@gmail.com> wrote: > Hi Oleg, > > Both MD5 and SHA1 are deprecated and can't be considered as trustfull. > > I think at-least-256 bit member of the SHA-2 family (e. g. sha512) should > be used. > > Sincerely, > Dmitriy Pavlov > > ср, 26 июл. 2017 г. в 22:27, Oleg Ostanin <oosta...@gridgain.com>: > > > Hi, > > > > We need to decide what сhecksum algorythm we should use for signing > release > > artifacts. Currently we use md5 and sha-1. sha-1 will be replaced by > > sha-256 soon. Should we keep md5 or use only sha-256? > > >