On Aug 26, 2012, at 2:49 PM, Rob Weir wrote:

> On Sun, Aug 26, 2012 at 5:20 PM, Pedro Giffuni <[email protected]> wrote:
>> BTW,
>>
>> ----- Original Message -----
>> ...
>>>>
>>>> This is already part of the current process. The signatures are in
>>>> download_external_dependencies.pl. The Central Maven Repository uses
>>>> these as well.
>>>>
>>>
>>> Those are MD5 hashes, not signatures. MD5 has been broken since 1996:
>>>
>>> http://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities
>>>
>>
>> We can simply replace MD5 with SHA256 (Apache-Extras
>> generates SHA1).
>>
>
> Good enough for Bitcoins...

r1377529 removes SVN!

I'm checking to see what is Maven central - http://search.maven.org/

Regards,
Dave

>
>> Pedro.
