jira-importer commented on issue #301: URL: https://github.com/apache/maven-install-plugin/issues/301#issuecomment-2771866029
**[Sven Bunge](https://issues.apache.org/jira/secure/ViewProfile.jspa?name=bigd)** commented This issue is 5 years old but still up-to-date. The NIST and other organisations suggest to switch to SHA-256 immediatly to prevent collision attacks. I think maven artefacts should add .sha256 hash files to their artifacts / releases as well -- then maven is able to check them if they exists. The plexus-digest has been moved to codehaus but seems not under continuous development. I've raised a [Pull Request](https://github.com/codehaus-plexus/plexus-digest/pull/2) on their repository. But nevertheless: Noone of this digesters is used in this install plugin yet. So let's move forward and switch to the plexus-digest plugin later on. I've attached a second sha256-patch -- you can integrate mine if the old one isn't not applicable due the age. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
