On Mon, Feb 28, 2022 at 04:42:55PM -0500, Stephen Frost wrote: > Keeping it around will just push out the point at which everyone will > finally be done with it, as there's really only two groups: those who > have already moved to scram, and those who won't move until they want to > upgrade to a release that doesn't have md5.
FWIW, I am not sure if we are at this point yet. An extra reason to remove it would be that it is a support burden, but I don't have seen in recent memory any problems related to it that required any deep changes in the way to use it, and its code paths are independent. The last time I played with this area is the recent error handling improvement with cryptohashes but MD5 has actually helped here in detecting the problem as a patched OpenSSL would complain if trying to use MD5 as hash function when FIPS is enabled. -- Michael
signature.asc
Description: PGP signature
