Hi,
I see that addons signing uses SHA1 and MD5. Now they both have collision attacks. Are there any plans to switch to SHA2 or something else? Should I report a bug?
From what I see the problem is not that big since they use both SHA1 and MD5 and the chances to get a collision on both on the same hash are pretty small from what I can figure.
Andrei