Bug 103971 - Add an additional checksum to the downloads pages
Summary: Add an additional checksum to the downloads pages
Status: RESOLVED FIXED
Alias: None
Product: Platform
Classification: Eclipse Project
Component: Releng (show other bugs)
Version: 3.1   Edit
Hardware: PC Windows 2000
: P3 normal (vote)
Target Milestone: 3.3   Edit
Assignee: Haytham Yassine CLA
QA Contact:
URL:
Whiteboard:
Keywords: contributed
Depends on:
Blocks:
 
Reported: 2005-07-15 04:32 EDT by Neil Greenwood CLA
Modified: 2006-09-08 10:10 EDT (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Neil Greenwood CLA 2005-07-15 04:32:39 EDT 
The downloads pages currently include MD5 checksums for the downloads. However,
with the recent attacks against MD5, this is no longer a good guarantee that the
download has not been replaced with a trojan horse.
Adding another checksum (e.g. SHA-1) *in addition* to the MD5 checksum will
vastly increase the reliability of the guarantee (it is very difficult to have a
trojan horse that can simultaneously match both MD5 and SHA-1 checksums).
Using SHA-1 *instead* of MD5 is not sufficient, since there are also attacks on
this algorithm.
Comment 1 Eclipse Webmaster CLA 2005-07-15 07:23:15 EDT 
Reassigning to Platform Releng. They own the platform download pages.

D.
Comment 2 Kim Moir CLA 2006-07-06 09:27:59 EDT 
Hi Haytham,

When you have finished the other bugs, could you take a look at this one?

thanks   :-)
Comment 3 Kim Moir CLA 2006-09-08 10:10:09 EDT 
Haytham fixed this, I merged his changes into HEAD for 3.3 builds.