[
https://issues.apache.org/jira/browse/JCR-4378?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16633853#comment-16633853
]
Julian Reschke commented on JCR-4378:
-------------------------------------
> Again, this does not affect the links which are published on download pages.
Please clarify "this".
>From my point of view, the issue for Jackrabbit has been fixed. We use a shell
>script for creating the contents of the downloads page, and that has been
>changed not to include the SHA1 link anymore.
> MD5 and SHA1 should no longer be provided on download pages
> ------------------------------------------------------------
>
> Key: JCR-4378
> URL: https://issues.apache.org/jira/browse/JCR-4378
> Project: Jackrabbit Content Repository
> Issue Type: Bug
> Reporter: Sebb
> Assignee: Julian Reschke
> Priority: Major
>
> As the subject says: SHA1 is deprecated and should no longer be linked from
> download pages.
> New releases should have sha256 and/or sha512 hashes instead.
> If a historic release only has a SHA1 hash, that can be retained, but ideally
> it can be replaced with a better sha256/512 one.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
