[
https://issues.apache.org/jira/browse/DIGESTER-191?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16789649#comment-16789649
]
Olaf Kock commented on DIGESTER-191:
------------------------------------
Hi [~garydgregory], I know of the shortcomings of MD5 - but I can't use any of
the SHA methods, as the checksums are not provided. In this case the ticket
solution should be to provide the SHA512-sum, or solely rely on PGP. But as it
is, the download site suggests MD5, links the checksum but doesn't provide it.
That's my point: Dead links.
And if the fix is to remove them: Fine.
> md5 checksum: 404 Not Found
> ---------------------------
>
> Key: DIGESTER-191
> URL: https://issues.apache.org/jira/browse/DIGESTER-191
> Project: Commons Digester
> Issue Type: Bug
> Affects Versions: 3.2
> Reporter: Olaf Kock
> Priority: Minor
>
> [http://commons.apache.org/proper/commons-digester/download_digester.cgi]
> states:
> {quote}It is essential that you [verify the
> integrity|https://www.apache.org/info/verification.html] of downloaded files,
> preferably using the {{PGP}} signature ({{*.asc}} files); failing that using
> the {{MD5}} hash ({{*.md5}} checksum files).
> {quote}
> However, if you access the MD5 checksums for 3.2 downloads, they all result
> in (for example)
> {quote}
> h1. Not Found
> The requested URL
> /dist/commons/digester/binaries/commons-digester3-3.2-bin.tar.gz.md5 was not
> found on this server.
> {quote}
> Full URL for the message above:
> [https://www.apache.org/dist/commons/digester/binaries/commons-digester3-3.2-bin.tar.gz.md5]
> PGP signature validation works (but naturally is more of a hassle)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
