GNU bug report logs -
#6789
propose renaming gnulib memxfrm to amemxfrm (naming collision with coreutils)
Previous Next
Reported by: Paul Eggert <eggert <at> CS.UCLA.EDU>
Date: Tue, 3 Aug 2010 19:47:01 UTC
Severity: normal
Done: Jim Meyering <jim <at> meyering.net>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
On 14/08/10 18:19, Bruno Haible wrote:
> Hi Pádraig,
>
>> I also removed the addition to --help
>> (and consequently the man page), as I think it's overkill.
>
> It's common to list important issues with a program or function
> in the BUGS section of the manual page. For example,
>
> $ man 3 tempnam
> ...
> BUGS
> ...
> Never use this function. Use mkstemp(3) or tmpfile(3) instead.
>
> In particular if the use of a program may have severe security implications,
> I would expect to know about it from the manual page.
OK cool. I was thinking that warnings would be more appropriate
in library docs rather than the user util, but I will add
the warning to BUGS in man/md5sum.x and leave --help unchanged.
>> If we were to add something to --help it should
>> probably be also done for sha1sum
>
> The attacks on SHA-1 are less advanced than those on MD5, currently.
> But if you would warn against use of SHA-1 also, please go ahead.
>
>> commit 4caf1adec8e6ce0cb7ab75365ab312411b2d47bd
>> Author: Bruno Haible <bruno <at> clisp.org>
>> Date: Tue Aug 10 01:56:36 2010 +0100
>>
>> doc: improve the info on md5sum security weaknesses
>>
>> * doc/coreutils.texi (md5sum invocation): Mention currently known
>> security problems. Don't recommend SHA-1 as alternative.
>> Reported by Simon Josefsson
>
> You haven't pushed this so far, I think?
I only added it to my local queue in case there was
feedback on my amendments. I will apply the update now.
thanks,
Pádraig.
This bug report was last modified 14 years and 6 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.