Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » How do I report a Security Risk on the Website itself?
How do I report a Security Risk on the Website itself? [message #1804179] Wed, 20 March 2019 05:12 Go to next message
Nasuki Matamoto is currently offline Nasuki MatamotoFriend
Messages: 29
Registered: November 2014
Junior Member
I first started to "report a bug" but their was no choice to report a problem with the website. The issue is that only MD5 and SHA1 hashes are offered, but these are vulnerable. MD5 can be compromised with a few thousand in computer equipment, and according to Google, SHA1 can be forged as well.

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Eclipse should be publishing a SHA-256 or SHA-512 hash for each download, like Oracle.

[Updated on: Wed, 20 March 2019 05:14]

Report message to a moderator

Re: How do I report a Security Risk on the Website itself? [message #1804181 is a reply to message #1804179] Wed, 20 March 2019 05:42 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 30653
Registered: July 2009
Senior Member
The following is the general Bugzilla URL for the website authored by the Eclipse Foundation itself:

https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Website

But many projects also contribute to the website.

Certainly on this page I see SHA 512:

https://www.eclipse.org/downloads/download.php?file=/oomph/epp/2018-12/R/eclipse-inst-win64.exe

But on the individual packages I only see SHA1 and MD5:

https://www.eclipse.org/downloads/packages/release/2018-12/r/eclipse-ide-java-developers

So I suppose that's what you mean. In your Bug report, please be explicit on which page(s) you see issues.
Previous Topic:Send signal(message) to a capsule from external process
Next Topic:Offline Plugin Install
Goto Forum:
  


Current Time: Thu Nov 21 15:55:13 GMT 2019

Powered by FUDForum. Page generated in 0.02407 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top