![](https://secure.gravatar.com/avatar/b4160fdf0c8964d1f316736331ff35ff.jpg?s=120&d=mm&r=g)
Hey Sergei,
I cannot speak in the name of Lukas but I assume that he is talking about the payload signature of RPM files.
Technically speaking SHA1 and MD5 can collide but only to specific file sizes.
It's not that simple to create an RPM in a size of 10+ MB which will provide the exact same
functionality ie DB which will include errors and/or other things.
I know it's pretty simple to upgrade the signature so I do not find any reason to not add a SHA256 sig.
All The Bests,
Eliezer
----
Eliezer Croitoru
Tech Support
Mobile: +972-5-28704261
Email: ngtech1ltd@gmail.com
Zoom: Coming soon
-----Original Message-----
From: Maria-discuss
Hi,
In RHEL-9 we are deprecating, old SHA-1 and MD5 and that's why I want to ask you if there is any chance that upstream is going to change it, or we should do it downstream.
These algorithms are no longer considered as safe, so it may be a good thing to upgrade them.
AFAIK mariadb uses these algorithms in *mariadb* and *mariadb-connector-c.*
Also if you have no intention to change it, is there any chance you could help us somehow. Maybe point out what we should be aware of.
Please let me know what you think
Lukas
-- S pozdravom/ Best regards
Lukáš Javorský
Associate Software Engineer, Core service - Databases
Red Hat https://www.redhat.com
Purkyňova 115 (TPB-C)
612 00 Brno - Královo Pole
ljavorsk@redhat.com https://www.redhat.com
_______________________________________________ Mailing list: https://launchpad.net/~maria-discuss Post to : maria-discuss@lists.launchpad.net Unsubscribe : https://launchpad.net/~maria-discuss More help : https://help.launchpad.net/ListHelp