Skip to content

Use SHA-512 checksums instead of MD5 to verify jar downloads #405

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
FSchumacher wants to merge 1 commit into from
Closed

Use SHA-512 checksums instead of MD5 to verify jar downloads #405

FSchumacher wants to merge 1 commit into from

Conversation

@FSchumacher
Copy link
Contributor

@FSchumacher FSchumacher commented Oct 11, 2018

Description

Change the checksums for the downloaded jars from MD5 to SHA-512.

Motivation and Context

MD5 is considered broken, so we should verify downloaded artefacts for our build process with a non broken checksum. SHA-512 is considered safe -- at the moment.

How Has This Been Tested?

ant download_jars and other download targets have been run without problems.

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • My code follows the code style of this project.
  • I have updated the documentation accordingly.
    No documentation found for the old md5 checksums construct.

@pmouawad
Copy link
Contributor

pmouawad commented Oct 11, 2018

+1 Thanks

@asfgit asfgit closed this in ffaee6c Oct 12, 2018
asfgit pushed a commit that referenced this pull request Oct 12, 2018
@FSchumacher
Correct SHA-512 checksum for xercesImpl and httpasyncclient
3083109 
Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar downloads

Relates #405 on github
Bugzilla Id: 62821



git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1843699 13f79535-47bb-0310-9956-ffa450edef68
StorDm pushed a commit to etnetera/jmeter that referenced this pull request Jan 7, 2021
@FSchumacher
Use SHA-512 checksums instead of MD5 to verify jar downloads
84ac1ba 
Closes apache#405 on github
Bugzilla Id: 62821


git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1843694 13f79535-47bb-0310-9956-ffa450edef68

Former-commit-id: ffaee6c
StorDm pushed a commit to etnetera/jmeter that referenced this pull request Jan 7, 2021
@FSchumacher
Correct SHA-512 checksum for xercesImpl and httpasyncclient
e96ddbe 
Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar downloads

Relates apache#405 on github
Bugzilla Id: 62821



git-svn-id: https://svn.apache.org/repos/asf/jmeter/trunk@1843699 13f79535-47bb-0310-9956-ffa450edef68

Former-commit-id: 3083109
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@FSchumacher @pmouawad