gh-129327: revise hashlib documentation to account for FIPS removing sha1

eli-schwartz · eli-schwartz · commit 960d84a5491f · 2025-01-27T01:21:59.000-05:00
diff --git a/Doc/library/hashlib.rst b/Doc/library/hashlib.rst
@@ -21,9 +21,10 @@
 --------------
 
 This module implements a common interface to many different secure hash and
-message digest algorithms.  Included are the FIPS secure hash algorithms SHA1,
-SHA224, SHA256, SHA384, SHA512, (defined in `the FIPS 180-4 standard`_),
-the SHA-3 series (defined in `the FIPS 202 standard`_) as well as RSA's MD5
+message digest algorithms.  Included are the FIPS secure hash algorithms
+SHA224, SHA256, SHA384, SHA512, (defined in `the FIPS 180-4 standard`_), the
+SHA-3 series (defined in `the FIPS 202 standard`_) as well as the legacy
+insecure algorithms SHA1 (formerly part of FIPS) and RSA's MD5
 algorithm (defined in internet :rfc:`1321`).  The terms "secure hash" and
 "message digest" are interchangeable.  Older algorithms were called message
 digests.  The modern term is secure hash.
diff --git a/Misc/NEWS.d/next/Documentation/2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst b/Misc/NEWS.d/next/Documentation/2025-01-27-01-21-55.gh-issue-129327.sv2NB1.rst
@@ -0,0 +1,2 @@
+Clarify that hashlib's SHA1 is no longer a FIPS secure algorithm. Patch by
+Eli Schwartz.

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,2 @@`
	`1`	`+Clarify that hashlib's SHA1 is no longer a FIPS secure algorithm. Patch by`
	`2`	`+Eli Schwartz.`