[ https://issues.apache.org/jira/browse/BEAM-4524?focusedWorklogId=166624&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-166624 ]
ASF GitHub Bot logged work on BEAM-4524: ---------------------------------------- Author: ASF GitHub Bot Created on: 15/Nov/18 19:55 Start Date: 15/Nov/18 19:55 Worklog Time Spent: 10m Work Description: angoenka commented on a change in pull request #7049: [BEAM-4524] Use SHA256 for artifact validation URL: https://github.com/apache/beam/pull/7049#discussion_r233986710 ########## File path: sdks/go/pkg/beam/artifact/gcsproxy/staging.go ########## @@ -18,8 +18,9 @@ package gcsproxy import ( "bytes" - "crypto/md5" + "crypto/sha256" "encoding/base64" Review comment: No, we don't need it. I must have missed removing it. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 166624) Time Spent: 3h 10m (was: 3h) > We should not be using md5 to validate artifact integrity. > ---------------------------------------------------------- > > Key: BEAM-4524 > URL: https://issues.apache.org/jira/browse/BEAM-4524 > Project: Beam > Issue Type: Task > Components: beam-model > Reporter: Robert Bradshaw > Priority: Major > Time Spent: 3h 10m > Remaining Estimate: 0h > > https://github.com/apache/beam/blob/6f239498e676f471427e17abc4bc5cffba9887c5/model/job-management/src/main/proto/beam_artifact_api.proto#L63 > Something like sha256 would probably be sufficient. > https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues -- This message was sent by Atlassian JIRA (v7.6.3#76005)