On 13/05/2010 8:01 AM, Elisha Ebenezer wrote:
Ceki,
I've raised the bug report upon your suggestion. Bug#183
<http://bugzilla.slf4j.org/show_bug.cgi?id=183>
However, I still request you to specify the md5/sha1 checksums on your site.
This will help us to at least convince our security team that the integrity
of the downloaded files can be verified.
Please do the needful.
Thanks,
Elisha Ebenezer.

An md5 or sha1 checksum on http://slf4j.org would not provide any
additional security because any adversary who can corrupt the
distribution files on our site can also, in all likelihood, corrupt
the checksums appearing on the same site.

I am quite surprised to hear any knowledgeable security professional
would consider a cryptographic checksum as providing any sort of
integrity assurance because it does not.
_______________________________________________
slf4j-user mailing list
slf4j-user@qos.ch
http://qos.ch/mailman/listinfo/slf4j-user
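
The reply's argument, as an added example that is not part of the original thread: a constructed in-memory "site" (the names `publish`, `verify_same_site` and `verify_pinned` are hypothetical) shows that a checksum served next to the file still matches after both are replaced. The digest recorded through a separate channel is an assumption added for contrast, not something the thread proposes.

```python
import hashlib
import hmac


def digest(data: bytes) -> str:
    """SHA-1 hex digest; SHA-1 only because the thread asks for md5/sha1."""
    return hashlib.sha1(data).hexdigest()


def publish(site: dict, name: str, data: bytes) -> None:
    """Store a file and its checksum side by side, as a download page would."""
    site[name] = data
    site[name + ".sha1"] = digest(data).encode()


def verify_same_site(site: dict, name: str) -> bool:
    """Compare the download with the checksum fetched from the same site."""
    expected = site[name + ".sha1"].decode()
    return hmac.compare_digest(digest(site[name]), expected)


def verify_pinned(site: dict, name: str, pinned: str) -> bool:
    """Compare the download with a digest obtained over a separate channel."""
    return hmac.compare_digest(digest(site[name]), pinned)


def demo() -> dict:
    site = {}                       # constructed stand-in for the web server
    name = "release.zip"            # hypothetical file name
    original = b"constructed release bytes"
    publish(site, name, original)
    pinned = digest(original)       # assumption: recorded out of band earlier

    before = (verify_same_site(site, name), verify_pinned(site, name, pinned))

    # Whoever can rewrite the file on the site can rewrite the checksum too.
    publish(site, name, b"constructed modified bytes")

    after = (verify_same_site(site, name), verify_pinned(site, name, pinned))
    return {"before": before, "after": after}


if __name__ == "__main__":
    for stage, (same_site, pinned_ok) in demo().items():
        print(f"{stage}: same-site checksum ok={same_site}, pinned digest ok={pinned_ok}")
```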
