On Wed, Jun 28, 2017, 10:26 AM Sara Golemon <poll...@php.net> wrote:

> On Wed, Jun 28, 2017 at 2:58 AM, Niklas Keller <m...@kelunik.com> wrote:
> > 2017-06-28 4:19 GMT+02:00 Sara Golemon <poll...@php.net>:
> >> I've pushed two commits to remove MD5 from www.php.net and qa.php.net,
> >> however it should be noted that I left a fair amount of md5 in web-php
> >> because very old releases have neither GPG signatures nor SHA256
> >> checksums, and while MD5 is weak and broken, it's better than nothing.
> >>
> > Can't we just rehash them?
> >
> If we agree that we trust the existing binaries haven't been
> compromised at any point, sure. But at that point we'd be saying
> "Here's a trustable sha256/gpg signature for a file" when really it's
> "Here's a signature that's only really as trustable as the md5 we used
> to verify it when we rehashed".
>
> In the interest of not presenting a false sense of security, I'd vote
> "No" on that.  Our past few years of releases are more reliably
> signed, and we can be honest about what's in the attic.
>
> That all said, it wouldn't be a terrible idea to anchor some gpg sigs
> of the old archives (in an explicitly flagged repo) just to be able to
> say "They haven't changed since Jun 2017".
The counter argument is "They haven't changed since 2017" is better than
"they might have changed yesterday"... Especially in a couple years. Or when
things don't get hacked and we want to verify them. They all have published
vulnerabilities so for anyone who cares to look at them that should be good
enough. You could leave the md5 to distinguish them.

That or if we don't trust them enough to sign them, remove them because
we're never going to trust them more than we do today.

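The "anchor some gpg sigs of the old archives" idea above, as an added example that is not code from this thread or from php.net: a small Python script that builds a manifest recording, per archive, the new SHA-256 next to the legacy MD5 the file was checked against and whether it matched, so the manifest itself states what the anchor does and does not prove. The manifest text is what you would then clearsign with gpg (that step is not shown); the file names, contents and MD5 values below are constructed.

```python
import hashlib

# Constructed stand-ins for old release tarballs (not real php.net archives).
ARCHIVES = {
    "php-4.4.9.tar.bz2": b"constructed bytes standing in for an old release",
    "php-5.0.5.tar.bz2": b"constructed bytes for another old release",
}
# Constructed legacy MD5 values as an old download page might list them.
# The second one is deliberately wrong to show how a mismatch is recorded.
LEGACY_MD5 = {
    "php-4.4.9.tar.bz2": hashlib.md5(ARCHIVES["php-4.4.9.tar.bz2"]).hexdigest(),
    "php-5.0.5.tar.bz2": "d41d8cd98f00b204e9800998ecf8427e",  # md5 of empty input
}

def anchor_entry(name, data, legacy_md5):
    """Record the new SHA-256 next to the MD5 the file was checked against."""
    return {
        "file": name,
        "sha256": hashlib.sha256(data).hexdigest(),
        "legacy_md5": legacy_md5,
        "legacy_md5_matched": hashlib.md5(data).hexdigest() == legacy_md5,
    }

def build_manifest(archives, legacy_md5, anchored_on):
    """Produce the text that would be fed to `gpg --clearsign` (gpg step not shown)."""
    lines = [
        f"# LEGACY ANCHOR {anchored_on}: sha256 proves only 'unchanged since this date';",
        "# provenance before that rests on the legacy md5 noted per file.",
    ]
    for name in sorted(archives):
        e = anchor_entry(name, archives[name], legacy_md5.get(name, ""))
        flag = "yes" if e["legacy_md5_matched"] else "NO"
        lines.append(f"{e['sha256']}  {name}  legacy-md5={e['legacy_md5']} md5-matched={flag}")
    return "\n".join(lines)

def verify(manifest, archives):
    """Check current files against a manifest; returns {file: status}."""
    status = {}
    for line in manifest.splitlines():
        if line.startswith("#"):
            continue  # header comments carry the caveat, not hashes
        sha, name = line.split()[:2]
        data = archives.get(name)
        if data is None:
            status[name] = "missing"
        elif hashlib.sha256(data).hexdigest() == sha:
            status[name] = "unchanged-since-anchor"
        else:
            status[name] = "MODIFIED"
    return status
```

A file whose legacy MD5 did not match is still anchored, but the manifest line says so; it is up to the reader to decide whether "unchanged since 2017" is enough for that file.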