On 01/02/2016 05:45 PM, Luca Toscano wrote: > Hi Apache devs! > > I am trying to contribute to the httpd project following up with some > Documentation tasks in bz.apache.org > <http://bz.apache.org>, so please be patient with me if the question is > trivial :) > > This bug is interesting: https://bz.apache.org/bugzilla/show_bug.cgi?id=55808 > > Would it make sense to remove MD5/SHA1 in favour of PGP only of PGP/SHA256? > I'd like your opinion before resolving as > "wontfix" or changing the docs.
MD5 and SHA1 still have use cases. You can still use them to check easily that your download is complete and wasn't corrupted by any accidental network foo. Of course they are not save for verifying that no one tampered the downloads on purpose. This is what the PGP signature is for. Regards RĂ¼diger --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
