Ever since released [1] our file release system [2] (including secure updates and installations of .xpi files) we've planned on improving the support of hashes. We didn't originally realize that md5 was no longer on the list of hashes [3], and with sha1 having its own share of problems recently, the need for stronger hashes was increased.
So finally we have dropped support for md5 as well and support only the stronger hash mechanisms (sha1, sha256, sha384, and sha512). We still auto-detect the hash type by the length of the hash submitted in the file management tool, so the procedure is exactly the same. Any existing md5 hashes are still in our system and presented by our secure install links but are considered deprecated. -Doug [1] http://www.mozdev.org/drupal/blog/Project-overview-page [2] http://www.mozdev.org/drupal/wiki/MozdevDownloadReleases [3] https://developer.mozilla.org/en/Extension_Versioning%2c_Update_and_Compatibility#Update_RDF_Format -- Douglas E. Warner <[email protected]> Site Developer Mozdev.org http://www.mozdev.org
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Project_owners mailing list [email protected] https://www.mozdev.org/mailman/listinfo/project_owners
