issue #452: use SHA256 instead of MD5 for FIPS compatibility

guard / listen

The Listen gem listens to file modifications and notifies you about the changes.

https://rubygems.org/gems/listen

MIT License

1.93k stars 247 forks source link

issue #452: use SHA256 instead of MD5 for FIPS compatibility #541

Closed ColinDKelley closed 3 years ago

ColinDKelley commented 3 years ago

Addresses issue #452 by using SHA256 instead of MD5.

ColinDKelley commented 3 years ago

Thanks @ioquatix.

What do you think about version bumping for this? It's not a major version bump, since no interfaces changed. But the dependencies did change slightly, so probably a minor version bump?

ioquatix commented 3 years ago

I think it's fine. No one should be depending on the checksum implementation. I'd even just do a patch release.

ColinDKelley commented 3 years ago

No one should be depending on the checksum implementation.

I agree they shouldn't. But if you told me that Truffle- or J- or MRI Ruby version X has a problem where the SHA256 interface is broken in some way (perhaps because of libssl?) I'd believe you in an instant. I've started leaning towards minor version bumps for dependency changes for this reason.

But here's an even better reason: this release actually adds a feature: FIPS compatibility.