You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@jmeter.apache.org by bu...@apache.org on 2018/10/12 19:45:05 UTC

[Bug 62821] New: Use SHA-512 checksums instead of MD5 to verify jar downloads

https://bz.apache.org/bugzilla/show_bug.cgi?id=62821

            Bug ID: 62821
           Summary: Use SHA-512 checksums instead of MD5 to verify jar
                    downloads
           Product: JMeter
           Version: 5.0
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Main
          Assignee: issues@jmeter.apache.org
          Reporter: felix.schumacher@internetallee.de
  Target Milestone: JMETER_5.1

MD5 is considered broken, so we should verify downloaded artefacts for our
build process with a non broken checksum. SHA-512 is considered safe -- at the
moment.

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 62821] Use SHA-512 checksums instead of MD5 to verify jar downloads

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62821

--- Comment #2 from Felix Schumacher <fe...@internetallee.de> ---
Date: Fri Oct 12 20:17:55 2018
New Revision: 1843699

URL: http://svn.apache.org/viewvc?rev=1843699&view=rev
Log:
Correct SHA-512 checksum for xercesImpl and httpasyncclient

Followup to r1843694 Use SHA-512 checksums instead of MD5 to verify jar
downloads

Relates #405 on github
Bugzilla Id: 62821

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 62821] Use SHA-512 checksums instead of MD5 to verify jar downloads

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62821

Felix Schumacher <fe...@internetallee.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Felix Schumacher <fe...@internetallee.de> ---
Date: Fri Oct 12 19:49:33 2018
New Revision: 1843694

URL: http://svn.apache.org/viewvc?rev=1843694&view=rev
Log:
Use SHA-512 checksums instead of MD5 to verify jar downloads

Closes #405 on github
Bugzilla Id: 62821

Modified:
    jmeter/trunk/build.properties
    jmeter/trunk/build.xml
    jmeter/trunk/xdocs/changes.xml

-- 
You are receiving this mail because:
You are the assignee for the bug.

[Bug 62821] Use SHA-512 checksums instead of MD5 to verify jar downloads

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=62821

Philippe Mouawad <p....@ubik-ingenierie.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|normal                      |enhancement
                 CC|                            |p.mouawad@ubik-ingenierie.c
                   |                            |om

-- 
You are receiving this mail because:
You are the assignee for the bug.