Mark,
On 1/24/21 04:44, ma...@apache.org wrote:
This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/master by this push:
new 7bb9eec Ensure Windows signing uses sha256 hash
7bb9eec is described below
commit 7bb9eeced9522058796c3dfdc759e3f5eedb258d
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Sun Jan 24 09:42:06 2021 +0000
Ensure Windows signing uses sha256 hash
---
build.xml | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/build.xml b/build.xml
index 32142c8..be0f1da 100644
--- a/build.xml
+++ b/build.xml
@@ -2575,6 +2575,8 @@ skip.installer property in build.properties" />
<arg value="sign"/>
<arg value="/sha1"/>
<arg value="${codesigning.certificate.thumbprint}"/>
+ <arg value="/fd"/>
+ <arg value="sha256"/>
I see there is a /sha1 option on the command as well. Does that mean
that SHA1 is also being performed? Is it required?
We abandoned SHA-1 (and SHA-256 for that matter) for the signatures we
put on our web sites some time ago. Is it possible to use SHA-512 for
these signatures as well?
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
