Bug 62821

Summary: Use SHA-512 checksums instead of MD5 to verify jar downloads
Product: JMeter Reporter: Felix Schumacher <felix.schumacher>
Component: MainAssignee: JMeter issues mailing list <issues>
Status: RESOLVED FIXED    
Severity: enhancement CC: p.mouawad
Priority: P2    
Version: 5.0   
Target Milestone: JMETER_5.1   
Hardware: All   
OS: All   

Description Felix Schumacher 2018-10-12 19:45:05 UTC
MD5 is considered broken, so we should verify downloaded artefacts for our build process with a non broken checksum. SHA-512 is considered safe -- at the moment.
Comment 1 Felix Schumacher 2018-10-12 19:50:06 UTC
Date: Fri Oct 12 19:49:33 2018
New Revision: 1843694

URL: http://svn.apache.org/viewvc?rev=1843694&view=rev
Log:
Use SHA-512 checksums instead of MD5 to verify jar downloads

Closes #405 on github
Bugzilla Id: 62821

Modified:
    jmeter/trunk/build.properties
    jmeter/trunk/build.xml
    jmeter/trunk/xdocs/changes.xml
Comment 2 Felix Schumacher 2018-10-12 20:18:27 UTC
Date: Fri Oct 12 20:17:55 2018
New Revision: 1843699

URL: http://svn.apache.org/viewvc?rev=1843699&view=rev
Log:
Correct SHA-512 checksum for xercesImpl and httpasyncclient

Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar downloads

Relates #405 on github
Bugzilla Id: 62821