GitHub user FSchumacher opened a pull request:
https://github.com/apache/jmeter/pull/405
Use SHA-512 checksums instead of MD5 to verify jar downloads
## Description
Change the checksums for the downloaded jars from MD5 to SHA-512.
## Motivation and Context
MD5 is considered broken, so we should verify downloaded artefacts for our
build process with a non broken checksum. SHA-512 is considered safe -- at the
moment.
## How Has This Been Tested?
`ant download_jars` and other download targets have been run without
problems.
## Screenshots (if appropriate):
## Types of changes
<!--- What types of changes does your code introduce? Delete as appropriate
-->
- Bug fix (non-breaking change which fixes an issue)
## Checklist:
<!--- Go over all the following points, and put an `x` in all the boxes
that apply. -->
<!--- If you're unsure about any of these, don't hesitate to ask. We're
here to help! -->
- [x] My code follows the [code style][style-guide] of this project.
- [ ] I have updated the documentation accordingly.
No documentation found for the old md5 checksums construct.
[style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/FSchumacher/jmeter sha-for-downloads
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/jmeter/pull/405.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #405
----
commit 0341693b24d868e9d5e70a121463feed375934fa
Author: Felix Schumacher <felix.schumacher@...>
Date: 2018-10-11T19:00:52Z
Use SHA-512 checksums instead of MD5 to verify jar downloads
----
---
