[jira] [Commented] (JCR-4378) MD5 and SHA1 should no longer be provided on download pages

Sebb (JIRA) Fri, 28 Sep 2018 08:11:10 -0700


    [ 
https://issues.apache.org/jira/browse/JCR-4378?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16631986#comment-16631986
 ]


Sebb commented on JCR-4378:
---------------------------

http://www.apache.org/dev/release-distribution#sigs-and-sums

> MD5  and SHA1 should no longer be provided on download pages
> ------------------------------------------------------------
>
>                 Key: JCR-4378
>                 URL: https://issues.apache.org/jira/browse/JCR-4378
>             Project: Jackrabbit Content Repository
>          Issue Type: Bug
>            Reporter: Sebb
>            Priority: Major
>
> As the subject says: SHA1 is deprecated and should no longer be linked from 
> download pages.
> New releases should have sha256 and/or sha512 hashes instead.
> If a historic release only has a SHA1 hash, that can be retained, but ideally 
> it can be replaced with a better sha256/512 one.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (JCR-4378) MD5 and SHA1 should no longer be provided on download pages

Reply via email to