[
https://issues.apache.org/jira/browse/BEAM-4524?focusedWorklogId=166267&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-166267
]
ASF GitHub Bot logged work on BEAM-4524:
----------------------------------------
Author: ASF GitHub Bot
Created on: 15/Nov/18 04:49
Start Date: 15/Nov/18 04:49
Worklog Time Spent: 10m
Work Description: lostluck edited a comment on issue #7049: [BEAM-4524]
Use SHA256 for artifact validation
URL: https://github.com/apache/beam/pull/7049#issuecomment-438916096
LGTM assuming the Go PostCommit passes.
Edit: Which failed as soon as I commented.
It seems to be failing from the databaseio PR from earlier. We probably need
to update the go gradlew file with a version hash of the assert library
they're using in there.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 166267)
Time Spent: 2h 50m (was: 2h 40m)
> We should not be using md5 to validate artifact integrity.
> ----------------------------------------------------------
>
> Key: BEAM-4524
> URL: https://issues.apache.org/jira/browse/BEAM-4524
> Project: Beam
> Issue Type: Task
> Components: beam-model
> Reporter: Robert Bradshaw
> Priority: Major
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> https://github.com/apache/beam/blob/6f239498e676f471427e17abc4bc5cffba9887c5/model/job-management/src/main/proto/beam_artifact_api.proto#L63
> Something like sha256 would probably be sufficient.
> https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
