https://bz.apache.org/bugzilla/show_bug.cgi?id=57344
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
Resolution|--- |FIXED
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
--- Comment #7 from Konstantin Kolinko knst.koli...@gmail.com ---
Created attachment 32287
-- https://issues.apache.org/bugzilla/attachment.cgi?id=32287action=edit
2014-12-14_tc6_57344_sha1.patch
Patch for Tomcat 6.
Add sha1 checksums. I
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
--- Comment #4 from Konstantin Kolinko knst.koli...@gmail.com ---
No objections but what is the benefit?
My concern is that there have been actual malware that exploited weakness in
MD5 (Flame, as mentioned in Wikipedia article on MD5).
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
Konstantin Kolinko knst.koli...@gmail.com changed:
What|Removed |Added
Component|Packaging
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
--- Comment #6 from Konstantin Kolinko knst.koli...@gmail.com ---
A note on backporting to Tomcat 6:
1) GPG support (target name=sign) does not exist in Tomcat 6. I think it
makes sense to backport that as well.
Revisions for this feature
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
--- Comment #3 from Mark Thomas ma...@apache.org ---
+0 to the patch. No objections but what is the benefit?
Re sha2:
1. As above. What is the benefit.
2. I'm less concerned about what other ASF projects are doing and more
concerned about
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
--- Comment #1 from Konstantin Kolinko knst.koli...@gmail.com ---
Created attachment 32286
-- https://issues.apache.org/bugzilla/attachment.cgi?id=32286action=edit
2014-12-12_tc9_57344_sha1.patch
--
You are receiving this mail because:
https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
Christopher Schultz ch...@christopherschultz.net changed:
What|Removed |Added
OS|
