This is the mail archive of the cygwin mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Mar 31 14:08, David A. Wheeler wrote: > Signed-off-by: David A. Wheeler Ugh! *Short* patches are ok for the cygwin mailing list. Short being a handful of lines, not entire novels. Novels go to cygwin-patches, please :) Other than that, patch looks almost ok. I only scanned it for now since it's late in the day for me. One nit: > +<para> > +Up through 2015 Cygwin used the MD5 algorithm for cryptographic hashes. > +Cygwin used both MD5 and length checks, which makes some attacks harder > +than if Cygwin used only MD5, > +but MD5 is no longer considered a secure cryptographic hash algorithm. > +The 2015-02-06 update of the setup program > +added support for the SHA-512 cryptographic hash algorithm for > +sigining the <literal>setup.ini</literal> package list, as described in > +<ulink url="https://cygwin.com/ml/cygwin/2015-02/msg00093.html"/>. > +The announcement also noted that there will be a switch to SHA-512 > +checksums in the <literal>setup.ini</literal> files. The switch has been performed 2015-03-23. I'll read it more thoroughly tomorrow. Thanks, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat
Attachment:
pgpaeZIBC11zD.pgp
Description: PGP signature
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |