GitHub user FSchumacher opened a pull request: https://github.com/apache/jmeter/pull/405
Use SHA-512 checksums instead of MD5 to verify jar downloads

## Description
Change the checksums for the downloaded jars from MD5 to SHA-512.

## Motivation and Context
MD5 is considered broken, so we should verify downloaded artefacts for our build process with a non broken checksum. SHA-512 is considered safe -- at the moment.

## How Has This Been Tested?
`ant download_jars` and other download targets have been run without problems.

## Screenshots (if appropriate):

## Types of changes
- Bug fix (non-breaking change which fixes an issue)

## Checklist:
- [x] My code follows the [code style][style-guide] of this project.
- [ ] I have updated the documentation accordingly. No documentation found for the old md5 checksums construct.

[style-guide]: https://wiki.apache.org/jmeter/CodeStyleGuidelines

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/FSchumacher/jmeter sha-for-downloads

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/jmeter/pull/405.patch

To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message:

    This closes #405

----
commit 0341693b24d868e9d5e70a121463feed375934fa
Author: Felix Schumacher <felix.schumacher@...>
Date:   2018-10-11T19:00:52Z

    Use SHA-512 checksums instead of MD5 to verify jar downloads

----
---
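
An added example, not the pull request's patch and not JMeter's own build file: one way an Ant build can pin a SHA-512 digest for each downloaded jar and stop the build when the file on disk does not match. The project name, the macro name `fetch_verified`, the `lib.dir` property, the URL, the file name and the digest value are all placeholders assumed for illustration.

```xml
<project name="verified-download-example" default="download_jars" basedir=".">

  <!-- Assumed location for downloaded jars -->
  <property name="lib.dir" location="lib"/>

  <!-- Hypothetical macro: fetch one jar, then fail the build unless
       its SHA-512 digest equals the value pinned in this file. -->
  <macrodef name="fetch_verified">
    <attribute name="url"/>
    <attribute name="file"/>
    <attribute name="sha512"/>
    <sequential>
      <!-- Ant properties are immutable; <local> (Ant 1.8+) gives each
           macro call its own unset result property, so a "true" from an
           earlier jar cannot mask a mismatch on a later one. -->
      <local name="checksum.ok"/>
      <mkdir dir="${lib.dir}"/>
      <get src="@{url}" dest="${lib.dir}/@{file}" usetimestamp="true"/>

      <!-- When verifyproperty is set, "property" carries the EXPECTED
           digest and verifyproperty receives "true" or "false". -->
      <checksum file="${lib.dir}/@{file}" algorithm="SHA-512"
                property="@{sha512}" verifyproperty="checksum.ok"/>

      <!-- Fail closed. The check runs on every build, including when
           <get> skips the download, so a bad file keeps failing. -->
      <fail message="SHA-512 mismatch for @{file}: refusing to use it">
        <condition>
          <isfalse value="${checksum.ok}"/>
        </condition>
      </fail>
    </sequential>
  </macrodef>

  <target name="download_jars">
    <!-- Placeholder URL and digest: pin the 128 hex character SHA-512
         value obtained from a trusted source, in version control. -->
    <fetch_verified
        url="https://repo.example.invalid/example-lib-1.0.jar"
        file="example-lib-1.0.jar"
        sha512="REPLACE_WITH_PINNED_SHA512_HEX"/>
  </target>

</project>
```

The digest only protects the build if it lives in the repository next to the build file; a checksum fetched from the same server as the jar shares that server's trust.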