18 Mar 2011 18 Mar '11
On Fri, Mar 18, 2011 at 9:43 AM, Thomas Lotze firstname.lastname@example.org wrote:
Marius Gedminas wrote:
Please don't hardcode the checksum algorithm to MD5. Security researchers have been telling everyone to stop using MD5 (and SHA1) for a while now.
Good point. All this talking about MD5 specifically has been due to the fact that this is what used to be used by the download API and the gocep.download recipe so far. To take up the idea I posted a few minutes ago, one might specify checksums like this:
[checksums] foo = http://example.org/foo.tgz algorithm:checksum-value
-- Benji York