Hi, Marc! On Thu, Feb 12, 2009 at 05:44:17PM +0100, Marc Espie wrote: >On Thu, Feb 12, 2009 at 04:05:14PM +0100, Hannah Schroeter wrote: >> On Thu, Feb 05, 2009 at 05:31:06PM -0500, Brad wrote: >> >On Thursday 05 February 2009 17:18:43 Marc Balmer wrote: >> >> shouldn't we abandon md5 in favor of e.g. sha256?
>> >SHA256 has been the default for 2 years now. >> For ports, yes. For packages, more recently, IIRC. For the "MD5" file >> in the base distribution, not at all. >Packages were dependent on two things: >[...] Just to be sure, there was no intent to criticise the timing, especially not with respect to packages, just to make sure there's no misunderstanding about the extent of the SHA256 support that's already been in for a longer time (checking distfiles in the ports tree). And thanks for the detailed explanations, including those about the aim to ensure backward interoperability even in the hope to make "big" upgrades work even though officially only upgrades from one release to the next one are supported, IIRC. Kind regards, Hannah.
