We should move to something more secure than md5 for the uploaded sources. This patch series implements the server-side part of this change, adding support for sha512, but keeping support for md5 as a fallback for now.
We might want to drop the md5 fallback once we have migrated completely, that is when fedpkg has been updated too. The last patch is unrelated, but it's a fix for a problem I found while testing this change. https://fedorahosted.org/rel-eng/ticket/5846 _______________________________________________ infrastructure mailing list infrastructure@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/infrastructure
