[ https://issues.apache.org/jira/browse/BEAM-4524?focusedWorklogId=164284&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-164284 ]
ASF GitHub Bot logged work on BEAM-4524: ---------------------------------------- Author: ASF GitHub Bot Created on: 09/Nov/18 08:50 Start Date: 09/Nov/18 08:50 Worklog Time Spent: 10m Work Description: robertwb commented on issue #6583: [BEAM-4524] Use sha256 instead of insecure md5 for artifact checksums. URL: https://github.com/apache/beam/pull/6583#issuecomment-437291663 R: @boyuanzz ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 164284) Time Spent: 20m (was: 10m) > We should not be using md5 to validate artifact integrity. > ---------------------------------------------------------- > > Key: BEAM-4524 > URL: https://issues.apache.org/jira/browse/BEAM-4524 > Project: Beam > Issue Type: Task > Components: beam-model > Reporter: Robert Bradshaw > Priority: Major > Time Spent: 20m > Remaining Estimate: 0h > > https://github.com/apache/beam/blob/6f239498e676f471427e17abc4bc5cffba9887c5/model/job-management/src/main/proto/beam_artifact_api.proto#L63 > Something like sha256 would probably be sufficient. > https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues -- This message was sent by Atlassian JIRA (v7.6.3#76005)