Eclipse Community Forums: Newcomers » How do I report a Security Risk on the Website itself?

Search

Help

Login

Home » Newcomers » Newcomers » How do I report a Security Risk on the Website itself?

Show: Today's Messages :: Show Polls :: Message Navigator

Switch to threaded view of this topic

Create a new topic

Submit Reply

How do I report a Security Risk on the Website itself? [message #1804179]

Wed, 20 March 2019 05:12

ihave question is currently offline

Friend

Messages: 32
Registered: November 2014

Member

I first started to "report a bug" but their was no choice to report a problem with the website. The issue is that only MD5 and SHA1 hashes are offered, but these are vulnerable. MD5 can be compromised with a few thousand in computer equipment, and according to Google, SHA1 can be forged as well.

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Eclipse should be publishing a SHA-256 or SHA-512 hash for each download, like Oracle.

[Updated on: Wed, 20 March 2019 05:14]

Report message to a moderator

Re: How do I report a Security Risk on the Website itself? [message #1804181 is a reply to message #1804179]

Wed, 20 March 2019 05:42

Ed Merks is currently offline

Friend

Messages: 33142
Registered: July 2009

Senior Member

The following is the general Bugzilla URL for the website authored by the Eclipse Foundation itself:

https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Website

But many projects also contribute to the website.

Certainly on this page I see SHA 512:

https://www.eclipse.org/downloads/download.php?file=/oomph/epp/2018-12/R/eclipse-inst-win64.exe

But on the individual packages I only see SHA1 and MD5:

https://www.eclipse.org/downloads/packages/release/2018-12/r/eclipse-ide-java-developers

So I suppose that's what you mean. In your Bug report, please be explicit on which page(s) you see issues.

Ed Merks
Professional Support: https://www.macromodeling.com/

Report message to a moderator

Switch to threaded view of this topic

Create a new topic

Submit Reply

Previous Topic:	Send signal(message) to a capsule from external process
Next Topic:	Debug problem

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Apr 26 18:58:26 GMT 2024

Powered by FUDForum. Page generated in 0.07540 seconds

.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top