Skip to content

evergreen: y2030 - stop producing SHA1 and MD5 files, and only provide SHA256 files #1625

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
xnox wants to merge 1 commit into
base: master
Choose a base branch
from
Open

evergreen: y2030 - stop producing SHA1 and MD5 files, and only provide SHA256 files #1625

xnox wants to merge 1 commit into from

Conversation

@xnox
Copy link

@xnox xnox commented Dec 19, 2025

To comply with complete withdrawal of SHA1 usage by both IETF RFC
(non-fips) and NIST CMPV (fips) by 2030, stop producing SHA1 and MD5
checksum files in favor of only providing SHA256 checksum files.

As we enter 2026, software produced today might be in active use in
2030 hence it is best to be forward looking with this.

If anything breaks, this can be reverted with a migration plan figured
out to be executed by 2030.

@xnox
evergreen: y2030 - stop producing SHA1 and MD5 files, and only provid…
b399aa3 
…e SHA256 files

To comply with complete withdrawal of SHA1 usage by both IETF RFC
(non-fips) and NIST CMPV (fips) by 2030, stop producing SHA1 and MD5
checksum files in favor of only providing SHA256 checksum files.

As we enter 2026, software produced today might be in active use in
2030 hence it is best to be forward looking with this.

If anything breaks, this can be reverted with a migration plan figured
out to be executed by 2030.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@xnox