[
https://issues.apache.org/jira/browse/MINSTALL-82?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Sven Bunge updated MINSTALL-82:
-------------------------------
Attachment:
MINSTALL_82_add__sha256_files__based_on_trunk_commit_1724329_.patch
This issue is 5 years old but still up-to-date. The NIST and other
organisations suggest to switch to SHA-256 immediatly to prevent collision
attacks. I think maven artefacts should add .sha256 hash files to their
artifacts / releases as well -- then maven is able to check them if they
exists.
The plexus-digest has been moved to codehaus but seems not under continuous
development. I've raised a [Pull
Request|https://github.com/codehaus-plexus/plexus-digest/pull/2] on their
repository. But nevertheless: Noone of this digesters is used in this install
plugin yet. So let's move forward and switch to the plexus-digest plugin later
on.
I've attached a second sha256-patch -- you can integrate mine if the old one
isn't not applicable due the age.
> Add sha 256 support
> -------------------
>
> Key: MINSTALL-82
> URL: https://issues.apache.org/jira/browse/MINSTALL-82
> Project: Maven Install Plugin
> Issue Type: New Feature
> Components: install:install
> Affects Versions: 2.3.1
> Reporter: Todd Nine
> Attachments:
> MINSTALL_82_add__sha256_files__based_on_trunk_commit_1724329_.patch,
> sha256.patch
>
>
> Currently no facility for sha 256 exists in the install plugin. Utilities
> such as chef depend on sha 256 to validate downloaded files. I have added
> the functionality to the plugin. Node that my 2 plexus classes are not
> properly loaded and I have hard coded the sha256 implementation. I'm
> unfamiliar with plexus, but all the classes should be correct to submit to
> the digest utilities.
> Thanks,
> Todd
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
