[
https://issues.apache.org/jira/browse/MNG-6784?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17470175#comment-17470175
]
Tamás Cservenák commented on MNG-6784:
--------------------------------------
Agreed, please do not mix the two: md5/sha1 is used by resolver ONLY to
eliminate transport corruption (bitrot). While SHA1 (and MD5) are deprecated in
cryptography, this is not cryptography, just data integrity (and even today
many Linux/Unix use MD5 for same purpose). Also, see
[https://en.wikipedia.org/wiki/SHA-1] the "Data integrity" section.
> Create correct SHA512 content
> -----------------------------
>
> Key: MNG-6784
> URL: https://issues.apache.org/jira/browse/MNG-6784
> Project: Maven
> Issue Type: Improvement
> Components: Deployment
> Affects Versions: 3.6.2
> Reporter: Karl Heinz Marbaise
> Priority: Minor
>
> Currently the created SHA512 which is used for the distribution area contains
> only the checksum but not the filename which results in bad output if the
> checksums being checked via command line tool:
> {code}
> $ shasum -c apache-maven-3.2.5-bin.tar.gz.sha512
> $ shasum: apache-maven-3.2.5-bin.tar.gz.sha512: no properly formatted SHA
> checksum lines found
> {code}
> The checksum should be enhanced to support that correctly.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
