Switch Digest Signing over to sha256 from md5

kornelski / cargo-deb

A cargo subcommand that generates Debian packages from information in Cargo.toml

https://lib.rs/cargo-deb

MIT License

404 stars 48 forks source link

Switch Digest Signing over to sha256 from md5 #128

Closed RocketJas closed 2 months ago

RocketJas commented 3 months ago

As the MD5 hash function is considered cryptographically broken, I have switched over the signing to use sha256. I have made this change to a fork and I was wondering if this was appropriate to upstream. https://github.com/RocketJas/cargo-deb/pull/1

kornelski commented 2 months ago

Thanks for the suggestion. I've implemented it without OpenSSL, which is a heavy dependency.

RocketJas commented 2 months ago

Thank you for fixing this so quickly.