jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] [jmeter] vlsi commented on pull request #641: update xercesImpl to 2.12.1 (from 2.12.0)
Date Wed, 27 Jan 2021 19:50:02 GMT

vlsi commented on pull request #641:
URL: https://github.com/apache/jmeter/pull/641#issuecomment-768535255


   Ah, the library was published by @apupier somehow manually (see https://issues.apache.org/jira/browse/XERCESJ-1724)
   It is sad Xerces PMC does not publish jars to repository.apache.org :-/
   
   On the other hand, the file at Central is the same as the one in the official release:
   
   
   ```
   $ openssl dgst -sha512 Xerces-J-bin.2.12.1.zip
   SHA512(Xerces-J-bin.2.12.1.zip)= 318222b084e2882b16d230a70d0811882d2e46b0e63e8262098e952d25c9caebf32b40c0d0a1ed68a787f6dd017b5a4fa805c00889429115462dfb2e268a8b28
   
   # jar from the official release
   $ openssl dgst -sha512 xercesImpl.jar
   SHA512(xercesImpl.jar)= 811afd85cdd19545785fde7fb39511f1e171e1d021a96117d105e2b2f37715536e17259e6ad0ce897b4c7c8a5bd1e88c9fa0825b0a2ef9f3956cd82944a33957
   ```
   
   ```
   # jar from OSSRH
   $ openssl dgst -sha512 xercesImpl-2.12.1.jar
   SHA512(xercesImpl-2.12.1.jar)= 811afd85cdd19545785fde7fb39511f1e171e1d021a96117d105e2b2f37715536e17259e6ad0ce897b4c7c8a5bd1e88c9fa0825b0a2ef9f3956cd82944a33957
   ```
   
   So I agree we should use SHA512, and we should use SHA512 for all other xerces jars.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



Mime
View raw message