Follow-up Comment #6, sr #106651 (project administration): Does Savannah use MD5 for the signature? I recall seeing some documentation on how to verify the ssl certificate and now I do not see it. According to this article, md5 signatures are very bad and have been cracked. Negate Schneier's messages about how nobody cares about SSL; it would be better to worry about what is the best practice.
http://www.schneier.com/blog/archives/2008/12/forging_ssl_cer.html _______________________________________________________ Reply to this item at: <http://savannah.gnu.org/support/?106651> _______________________________________________ Message sent via/by Savannah http://savannah.gnu.org/
