GNU bug report logs - #6789
propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils)

Previous Next

Package: coreutils;

Reported by: Paul Eggert <eggert <at> CS.UCLA.EDU>

Date: Tue, 3 Aug 2010 19:47:01 UTC

Severity: normal

Done: Jim Meyering <jim <at> meyering.net>

Bug is archived. No further changes may be made.

Full log

Message #65 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Bruno Haible <bruno <at> clisp.org>
To: Pádraig Brady <P <at> draigbrady.com>
Cc: Simon Josefsson <simon <at> josefsson.org>, Paul Eggert <eggert <at> cs.ucla.edu>,
	bug-coreutils <at> gnu.org
Subject: Re: bug#6789: MD5 is broken
Date: Sat, 14 Aug 2010 19:19:04 +0200

Hi Pádraig,

> I also removed the addition to --help
> (and consequently the man page), as I think it's overkill.

It's common to list important issues with a program or function
in the BUGS section of the manual page. For example,

  $ man 3 tempnam
  ...
  BUGS
  ...
         Never use this function.  Use mkstemp(3) or tmpfile(3) instead.

In particular if the use of a program may have severe security implications,
I would expect to know about it from the manual page.

> If we were to add something to --help it should
> probably be also done for sha1sum

The attacks on SHA-1 are less advanced than those on MD5, currently.
But if you would warn against use of SHA-1 also, please go ahead.

> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
> Author: Bruno Haible <bruno <at> clisp.org>
> Date:   Tue Aug 10 01:56:36 2010 +0100
> 
>     doc: improve the info on md5sum security weaknesses
> 
>     * doc/coreutils.texi (md5sum invocation): Mention currently known
>     security problems. Don't recommend SHA-1 as alternative.
>     Reported by Simon Josefsson

You haven't pushed this so far, I think?

Bruno
This bug report was last modified 14 years and 6 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.