commons-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gary Gregory <garydgreg...@gmail.com>
Subject Fwd: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)
Date Tue, 10 May 2016 00:51:45 GMT
Should we follow suit?

Gary

---------- Forwarded message ----------
From: David M Williams <david_williams@us.ibm.com>
Date: Mon, May 9, 2016 at 5:37 PM
Subject: [eclipse-dev] Notice that Eclipse Platform plans to no longer
provide MD5 and SHA1 checksums for Neon (but still SHA512)
To: eclipse-dev@eclipse.org, equinox-dev@eclipse.org,
cross-project-issues-dev@eclipse.org


The topic of this note is about the downloads and checksums obtained
directly from the the Eclipse Project. It does not involve the checksums
from the "select a mirror" page -- that is controlled by the Eclipse
Foundation -- nor any of the packages downloaded from
http://www.eclipse.org/downloads-- also controlled by the Eclipse
Foundation.  My intuition is that few "casual users" use our checksums but
some adopters or committers might use them in automated scripts or builds.

If any of you do get checksums directly from
.../eclipse/downloads/drops4/<buildid>/checksum/... then this note is for
you.

We announced in Luna we would "stop producing MD5 and SHA1 checksums" after
Luna's release (*Bug 423714*
<https://bugs.eclipse.org/bugs/show_bug.cgi?id=423714>)... and I am just
now getting around to it. Since it has been a long time since that
announcement, and since we are late in this cycle, I am cross-posting to 3
lists to be sure those that might be impacted will be notified.

We will continue to provide SHA512 checksums and I recently decided to also
provide SHA256 checksums since SHA256 seems to be popular "in the
industry".

This RC1 effort is documented in *Bug 454784*
<https://bugs.eclipse.org/bugs/show_bug.cgi?id=454784>. If the removal of
the MD5 and SHA1 checksums would unduly burden anyone, please say so in
that *Bug 454784* <https://bugs.eclipse.org/bugs/show_bug.cgi?id=454784> and
we would be happy to accommodate.

I will soon be updating our wiki on *How to verify a download*
<http://wiki.eclipse.org/Platform-releng/How_to_check_integrity_of_downloads>
to contain accurate information for Neon, but wanted to get this notice out
now so if you are negatively impacted you would have time to say so.

Thank you,






_______________________________________________
eclipse-dev mailing list
eclipse-dev@eclipse.org
To change your delivery options, retrieve your password, or unsubscribe
from this list, visit
https://dev.eclipse.org/mailman/listinfo/eclipse-dev



-- 
E-Mail: garydgregory@gmail.com | ggregory@apache.org
Java Persistence with Hibernate, Second Edition
<http://www.manning.com/bauer3/>
JUnit in Action, Second Edition <http://www.manning.com/tahchiev/>
Spring Batch in Action <http://www.manning.com/templier/>
Blog: http://garygregory.wordpress.com
Home: http://garygregory.com/
Tweet! http://twitter.com/GaryGregory

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message