On Thu, Apr 19, 2018 at 7:59 AM, Mukul Gandhi <[email protected]> wrote:
> Hi Gary, > > On Thu, Apr 19, 2018 at 6:34 PM, Gary Gregory <[email protected]> > wrote: > >> Why not add SHA1 hashes? >> >>> > Please see here about the Apache projects release signing procedure, > relating to use of SHA, > > http://www.apache.org/dev/release-signing.html#sha-checksum > > It says, > "Please note that further use of SHA-1 should be avoided. > > SHA512 is recommended." > > I hope this would answer the question. > Yes of course, I did see that, I just got my SHAs mixed up ;-) Thank you for the clarification. Gary > > > -- > Regards, > Mukul Gandhi >
