Good morning Andreas, Andreas Stieger wrote on Sat, 10 Jun 2017 12:24 +0200: > Hello, > > Found this laying around... maybe someone who previously made releases > could check it out. >
Any news about this patch? I have some pending tweaks to release.py and don't want to conflict. > Obviously we could just as well use SHA-256. What do you think? > As I said about an earlier iteration: I think the main question is whether we want to provide both sha1 and sha2 hashes for a transition period. I.e., do we try for compatibility or force people to switch over to sha2. I don't have a preference between sha256 and sha512. Cheers, Daniel > [[[ > > Use SHA-2 hashes for releases > > * tools/dist/checksums.py: also check SHA-512 digest > * tools/dist/dist.sh: also generate SHA-512 digest > * tools/dist/download-release.sh: remove unused script > * tools/dist/release.py: switch to announcing SHA-512 digest > * tools/dist/templates/download.ezt, > tools/dist/templates/rc-release-ann.ezt, > tools/dist/templates/stable-release-ann.ezt: reference SHA-512 digests > and HTTPS urls. > > ]]] > > > Andreas
