All users were logged out of Bugzilla on October 13th, 2018
Make post-mozilla-rel.pl use a stronger crypto hash when creating update.snippet Currently, it is using MD5, and we should instead leverage a perl crypto module to use a stronger hash. MD5 is probably fine in practice, but for good measure, we probably ought to use something stronger (because we can).
does the perl install use the DIGEST package? I think that comes with sha1.
Here's a pointer to the code: http://lxr.mozilla.org/mozilla/source/tools/tinderbox/post-mozilla-rel.pl#418
Oops, I forgot to mention that the version of post-mozilla-rel.pl that is actually in production has been modified to select md5 instead of sha1 because some of the tinderboxen do not have the sha1sum program installed.
I think the resolution to this bug is to install sha1sum on all tinderboxen, and modify the script. Isn't it a really minor change to install sha1sum ? Should this be assigned to chase ?
We are using SHA1 now on the tinderboxen... resolving wfm since I don't know the bug that changed this.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.