Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use SHA-512 checksums instead of MD5 to verify jar downloads #405

Closed
wants to merge 1 commit into from
Closed

Use SHA-512 checksums instead of MD5 to verify jar downloads #405

wants to merge 1 commit into from

Conversation

@FSchumacher
Copy link
Contributor

@FSchumacher FSchumacher commented Oct 11, 2018

Description

Change the checksums for the downloaded jars from MD5 to SHA-512.

Motivation and Context

MD5 is considered broken, so we should verify downloaded artefacts for our build process with a non broken checksum. SHA-512 is considered safe -- at the moment.

How Has This Been Tested?

ant download_jars and other download targets have been run without problems.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the code style of this project.
  • I have updated the documentation accordingly.
    No documentation found for the old md5 checksums construct.
@pmouawad
Copy link
Contributor

@pmouawad pmouawad commented Oct 11, 2018

+1 Thanks

@asfgit asfgit closed this in ffaee6c Oct 12, 2018
asfgit pushed a commit that referenced this issue Oct 12, 2018
Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar downloads

Relates #405 on github
Bugzilla Id: 62821



git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1843699 13f79535-47bb-0310-9956-ffa450edef68
StorDm pushed a commit to etnetera/jmeter that referenced this issue Jan 7, 2021
Closes apache#405 on github
Bugzilla Id: 62821


git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1843694 13f79535-47bb-0310-9956-ffa450edef68

Former-commit-id: ffaee6c
StorDm pushed a commit to etnetera/jmeter that referenced this issue Jan 7, 2021
Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar downloads

Relates apache#405 on github
Bugzilla Id: 62821



git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1843699 13f79535-47bb-0310-9956-ffa450edef68

Former-commit-id: 3083109
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
2 participants