MD5 is broken, and the Apache foundation has explicitly asked us to move away from it (for release signing at the very least). More importantly, if we ever support caching/sharing of pipeline artifacts, this becomes a security risk.
On Sat, Oct 6, 2018 at 12:46 AM Henning Rohde <[email protected]> wrote: > MD5 is a checksum used by GCS, Azure storage and others. It's convenient > that they match. The checksum is not used for security decisions. Is there > a JIRA describing the rationale for changing it? > > — > You are receiving this because you authored the thread. > Reply to this email directly, view it on GitHub > <https://github.com/apache/beam/pull/6583#issuecomment-427518236>, or mute > the thread > <https://github.com/notifications/unsubscribe-auth/AAdqgUCdcUDsr_XH0FP1QK-JrKiRNheWks5uh-E2gaJpZM4XKfXS> > . > [ Full content available at: https://github.com/apache/beam/pull/6583 ] This message was relayed via gitbox.apache.org for [email protected]
