On 24.02.2017 06:26, Daniel Shahaf wrote:
Andreas Stieger wrote on Thu, Feb 23, 2017 at 21:08:43 +0100:
+++ tools/dist/release.py (working copy)
@@ -537,9 +537,9 @@ def roll_tarballs(args):
shutil.move(filename, get_deploydir(args.base_dir))
filename = os.path.join(get_deploydir(args.base_dir), filename)
- m = hashlib.sha1()
+ m = hashlib.sha512()
m.update(open(filename, 'r').read())
- open(filename + '.sha1', 'w').write(m.hexdigest())
+ open(filename + '.sha512', 'w').write(m.hexdigest())
Should we keep generating both .sha1 and .sha512 for a transition
period?
Generate both. People are free to use any for their verification needs.
So, more choice - better service to the user.
-- Stefan^2.
