[PATCH] Use sha256 for hashes in the release process

Simon Marchi simark@simark.ca
Mon Oct 26 02:24:59 GMT 2020


On 2020-10-25 9:33 p.m., andreas@rammhold.de wrote:

The binutils mailing list should be included in this patch (I added it
in this message).  See here for the patch:

    https://sourceware.org/pipermail/gdb-patches/2020-October/172848.html

> From: Andreas Rammhold <andreas@rammhold.de>
>
> I just came across the GDB 10.1 release notes and saw that md5 is still
> being used in those. I thought it would be a good idea to instead have a
> more modern, secure and widely available hash function such as SHA256 as
> part of the release process.
>
> The changes have been done rather mechanically via sed but executing the
> `src-release.sh -b gdb` did work so I am confident about the result.
>
> While this does not directly address the release mails, as I wasn't
> able to find the template/script used for those, this is probably still
> an improvement.

That sounds good to me.  I'm sure an argument against that will be that
it will break some people's scripts.  But in this case, I think a small
change like that (easy to adjust to), that impacts security (although
still a theoretical risk) is reasonable.

I am also not the one who does releases for GDB (nor binutils), so I
don't know what else this would impact.

> @@ -168,15 +168,15 @@ do_proto_toplev()
>
>  CVS_NAMES='-name CVS -o -name .cvsignore'
>
> -# Add an md5sum to the built tarball
> -do_md5sum()
> +# Add an sha256sum to the built tarball
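
Review bot: the rename at `-do_md5sum()` needs a check that no caller or comment elsewhere in the script still refers to the old name, because the commit message says the change was made with sed and exercised only through `src-release.sh -b gdb`, so a missed reference on another release path would not have been hit. Grepping the patched script for `md5` and running the other release targets once would confirm the rename is complete. If the checksum output file is renamed along with the function, the commit message should state the new name, since release consumers may read that file.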

Nit: an -> a

Simon

