[jbosstools-issues] [JBoss JIRA] (JBIDE-17162) Provide sha hashes for JBT/JBDS files on tools.jboss.org
Marián Labuda (JIRA)
issues at jboss.org
Fri Apr 18 04:26:33 EDT 2014
Marián Labuda created JBIDE-17162:
-------------------------------------
Summary: Provide sha hashes for JBT/JBDS files on tools.jboss.org
Key: JBIDE-17162
URL: https://issues.jboss.org/browse/JBIDE-17162
Project: Tools (JBoss Tools)
Issue Type: Enhancement
Components: website
Affects Versions: 4.2.0.Beta1
Reporter: Marián Labuda
Assignee: Nick Boldt
We are providing md5s hashes for JBT and JBDS files (archives links under Update Site Zip). Bcs. it is long known about md5 security flaws (collisions) it is recommended to use sha hashes instead.
Question is - do we provide md5 hashes only because of data integrity (if there are any missing bits after download) or we are trying to ensure security? In first case it's enough to use md5 (although there could be also hash collisions but it's unlikely). In second case there could be for example performed MITM attack (or any other...) and our files could be replaced by malformed/infected - there should be provided sha hashes instead of md5, but there still remains question if it would be enough without having not-secured web pages (without certificate) and sha links leading to sourceforge (I think that it would not be enough and hashes would have to be stored on tools.jboss.org domain).
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jbosstools-issues
mailing list