https://issues.apache.org/bugzilla/show_bug.cgi?id=57344
--- Comment #4 from Konstantin Kolinko <knst.koli...@gmail.com> --- > No objections but what is the benefit? My concern is that there have been actual malware that exploited weakness in MD5 (Flame, as mentioned in Wikipedia article on MD5). As such I think that md5 is not enough to verify a file integrity. https://en.wikipedia.org/wiki/MD5 > Re sha2: > 1. As above. What is the benefit. I am neutral on sha2. I just think that it is easier to add it now while this task is in our scope. > 4. The same format as we do for sha1 unless there is a good reason not to. Ack. I am opting for "{hash} *{filename}" format then. Apache Ant can be used to validate it, among other options. Thank you for your review. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
