[jira] [Work logged] (BEAM-4524) We should not be using md5 to validate artifact integrity.

Fri, 16 Nov 2018 09:54:47 -0800 


     [ 
https://issues.apache.org/jira/browse/BEAM-4524?focusedWorklogId=166975&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-166975
 ]

ASF GitHub Bot logged work on BEAM-4524:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Nov/18 17:46
            Start Date: 16/Nov/18 17:46
    Worklog Time Spent: 10m 
      Work Description: swegner commented on issue #7049: [BEAM-4524] Use 
SHA256 for artifact validation
URL: https://github.com/apache/beam/pull/7049#issuecomment-439471948
 
 
   This PR was rolled back in PR #7067 due to java post-commit regression 
according to our [rollback-first 
policy](https://beam.apache.org/contribute/postcommits-policies-details/index.html#rollback_first).
 
   
   You can roll-forward by reverting the rollback commit (`git revert 
1b241f9517342c73ed2f0a73251858ee67c7e191`), and then build your fix on top of 
it. Be sure to run Java post-commit tests on your fix ("Run Java PostCommit")
   
   For more information, see the post-commit test guide, ["My change was rolled 
back due to a test 
failure"](https://beam.apache.org/contribute/postcommits-policies/#pr-rolled-back).
 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


Issue Time Tracking
-------------------

    Worklog Id:     (was: 166975)
    Time Spent: 4h 20m  (was: 4h 10m)

> We should not be using md5 to validate artifact integrity.
> ----------------------------------------------------------
>
>                 Key: BEAM-4524
>                 URL: https://issues.apache.org/jira/browse/BEAM-4524
>             Project: Beam
>          Issue Type: Task
>          Components: beam-model
>            Reporter: Robert Bradshaw
>            Priority: Major
>          Time Spent: 4h 20m
>  Remaining Estimate: 0h
>
> https://github.com/apache/beam/blob/6f239498e676f471427e17abc4bc5cffba9887c5/model/job-management/src/main/proto/beam_artifact_api.proto#L63
> Something like sha256 would probably be sufficient. 
> https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to