Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

issue #452: use SHA256 instead of MD5 for FIPS compatibility #541

Merged
merged 1 commit into from Jul 20, 2021
Merged

issue #452: use SHA256 instead of MD5 for FIPS compatibility #541

merged 1 commit into from Jul 20, 2021

Conversation

ColinDKelley
Copy link
Collaborator

@ColinDKelley ColinDKelley commented Jul 20, 2021
edited

Addresses issue #452 by using SHA256 instead of MD5.

@ColinDKelley ColinDKelley mentioned this pull request Jul 20, 2021
Closed
ioquatix
ioquatix approved these changes Jul 20, 2021
View reviewed changes
Copy link
Member

@ioquatix ioquatix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh no.. MD5.

@ColinDKelley
Copy link
Collaborator Author

Thanks @ioquatix.

What do you think about version bumping for this? It's not a major version bump, since no interfaces changed. But the dependencies did change slightly, so probably a minor version bump?

@ioquatix
Copy link
Member

ioquatix commented Jul 20, 2021
edited

I think it's fine. No one should be depending on the checksum implementation. I'd even just do a patch release.

@ColinDKelley
Copy link
Collaborator Author

No one should be depending on the checksum implementation.

I agree they shouldn't. But if you told me that Truffle- or J- or MRI Ruby version X has a problem where the SHA256 interface is broken in some way (perhaps because of libssl?) I'd believe you in an instant. I've started leaning towards minor version bumps for dependency changes for this reason.

But here's an even better reason: this release actually adds a feature: FIPS compatibility.

@ColinDKelley ColinDKelley merged commit 2693d44 into guard:master Jul 20, 2021
@ColinDKelley ColinDKelley linked an issue Jul 20, 2021 that may be closed by this pull request
Listen's use of Digest::MD5 breaks support on FIPS enabled machines #452
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ioquatix ioquatix ioquatix approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Listen's use of Digest::MD5 breaks support on FIPS enabled machines
2 participants
@ColinDKelley @ioquatix