Bug 62821 - Use SHA-512 checksums instead of MD5 to verify jar downloads
Summary: Use SHA-512 checksums instead of MD5 to verify jar downloads
Status: RESOLVED FIXED
Alias: None
Product: JMeter
Classification: Unclassified
Component: Main (show other bugs)
Version: 5.0
Hardware: All All
: P2 enhancement (vote)
Target Milestone: JMETER_5.1
Assignee: JMeter issues mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-12 19:45 UTC by Felix Schumacher
Modified: 2018-12-18 22:29 UTC (History)
1 user (show)



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Felix Schumacher 2018-10-12 19:45:05 UTC
MD5 is considered broken, so we should verify downloaded artefacts for our build process with a non broken checksum. SHA-512 is considered safe -- at the moment.
Comment 1 Felix Schumacher 2018-10-12 19:50:06 UTC
Date: Fri Oct 12 19:49:33 2018
New Revision: 1843694

URL: http://svn.apache.org/viewvc?rev=1843694&view=rev
Log:
Use SHA-512 checksums instead of MD5 to verify jar downloads

Closes #405 on github
Bugzilla Id: 62821

Modified:
    jmeter/trunk/build.properties
    jmeter/trunk/build.xml
    jmeter/trunk/xdocs/changes.xml
Comment 2 Felix Schumacher 2018-10-12 20:18:27 UTC
Date: Fri Oct 12 20:17:55 2018
New Revision: 1843699

URL: http://svn.apache.org/viewvc?rev=1843699&view=rev
Log:
Correct SHA-512 checksum for xercesImpl and httpasyncclient

Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar downloads

Relates #405 on github
Bugzilla Id: 62821