You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Gary Gregory (JIRA)" <ji...@apache.org> on 2019/03/11 14:05:00 UTC

[jira] [Commented] (DIGESTER-191) md5 checksum: 404 Not Found

    [ https://issues.apache.org/jira/browse/DIGESTER-191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16789604#comment-16789604 ] 

Gary Gregory commented on DIGESTER-191:
---------------------------------------

Hi [~olafkock],

Since MD5 is no longer safe, you should only use SHA256 or SHA512.

A lot of components that have not had released in a while have not been updated to reflect this.

Gary

> md5 checksum: 404 Not Found
> ---------------------------
>
>                 Key: DIGESTER-191
>                 URL: https://issues.apache.org/jira/browse/DIGESTER-191
>             Project: Commons Digester
>          Issue Type: Bug
>    Affects Versions: 3.2
>            Reporter: Olaf Kock
>            Priority: Minor
>
> [http://commons.apache.org/proper/commons-digester/download_digester.cgi] states:
> {quote}It is essential that you [verify the integrity|https://www.apache.org/info/verification.html] of downloaded files, preferably using the {{PGP}} signature ({{*.asc}} files); failing that using the {{MD5}} hash ({{*.md5}} checksum files).
> {quote}
> However, if you access the MD5 checksums for 3.2 downloads, they all result in (for example)
> {quote}
> h1. Not Found
> The requested URL /dist/commons/digester/binaries/commons-digester3-3.2-bin.tar.gz.md5 was not found on this server.
> {quote}
> Full URL for the message above: [https://www.apache.org/dist/commons/digester/binaries/commons-digester3-3.2-bin.tar.gz.md5]
> PGP signature validation works (but naturally is more of a hassle)



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)