On Fri, May 18, 2018 at 9:36 AM, sebb <seb...@gmail.com> wrote: > On 18 May 2018 at 16:30, Gary Gregory <garydgreg...@gmail.com> wrote: > > Hi All: > > > > Eclipse is moving to SHA-256 to validate downloads [1] alongside MD5. > > > > We just updated to SHA-1 which apparently has been subject to a collision > > attack [2]. > > > > Our newish commons-release-plugin has just been updated to SHA-1. > > > > I'd like to add SHA-256 alongside SHA-1. > > > > Thoughts? > > Does Nexus support SHA-256? > > ISTR that there were some issues with it. >
Hard to say without trying: - No: https://issues.sonatype.org/browse/NEXUS-5881 - Yes: https://books.sonatype.com/nexus-book/3.4/reference/using.html#_search_criteria_and_component_attributes _But_, it would be a start to include SHA-256 in VOTE emails, which I am working on with Rob to generate based on a template. That would give RC reviewers the opportunity to validate RC downloads from dist with SHA-1 or SHA-256. Gary > > [1] > > https://www.eclipse.org/eclipse/news/4.8/platform_isv. > php#equinox-sha-256-checksum > > [2] > > https://arstechnica.com/information-technology/2017/ > 02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@commons.apache.org > For additional commands, e-mail: dev-h...@commons.apache.org > >