The topic of this note is about the downloads
and checksums obtained directly from the the Eclipse Project. It does not
involve the checksums from the "select a mirror" page -- that
is controlled by the Eclipse Foundation -- nor any of the packages downloaded
from http://www.eclipse.org/downloads-- also controlled by the Eclipse Foundation. My intuition is that
few "casual users" use our checksums but some adopters or committers
might use them in automated scripts or builds.
If any of you do get checksums directly
from .../eclipse/downloads/drops4/<buildid>/checksum/... then this
note is for you.
We announced in Luna we would "stop
producing MD5 and SHA1 checksums" after Luna's release (Bug 423714)... and I am just now getting around to it. Since it has been a long time
since that announcement, and since we are late in this cycle, I am cross-posting
to 3 lists to be sure those that might be impacted will be notified.
We will continue to provide SHA512 checksums
and I recently decided to also provide SHA256 checksums since SHA256 seems
to be popular "in the industry".
This RC1 effort is documented in Bug 454784.
If the removal of the MD5 and SHA1 checksums would unduly burden anyone,
please say so in that Bug 454784 and we would be happy to accommodate.
I will soon be updating our wiki on How
to verify a download to contain accurate information
for Neon, but wanted to get this notice out now so if you are negatively
impacted you would have time to say so.