Skip to main content


Eclipse Community Forums

      Home
Home » Newcomers » Newcomers » How do I report a Security Risk on the Website itself?
How do I report a Security Risk on the Website itself? [message #1804179] Wed, 20 March 2019 01:12 Go to next message
Eclipse UserFriend
I first started to "report a bug" but their was no choice to report a problem with the website. The issue is that only MD5 and SHA1 hashes are offered, but these are vulnerable. MD5 can be compromised with a few thousand in computer equipment, and according to Google, SHA1 can be forged as well.

https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

Eclipse should be publishing a SHA-256 or SHA-512 hash for each download, like Oracle.

[Updated on: Wed, 20 March 2019 01:14] by Moderator

Re: How do I report a Security Risk on the Website itself? [message #1804181 is a reply to message #1804179] Wed, 20 March 2019 01:42 Go to previous message
Eclipse UserFriend
The following is the general Bugzilla URL for the website authored by the Eclipse Foundation itself:

https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Community&component=Website

But many projects also contribute to the website.

Certainly on this page I see SHA 512:

https://www.eclipse.org/downloads/download.php?file=/oomph/epp/2018-12/R/eclipse-inst-win64.exe

But on the individual packages I only see SHA1 and MD5:

https://www.eclipse.org/downloads/packages/release/2018-12/r/eclipse-ide-java-developers

So I suppose that's what you mean. In your Bug report, please be explicit on which page(s) you see issues.
Previous Topic:Send signal(message) to a capsule from external process
Next Topic:Debug problem
Goto Forum:
  


Current Time: Mon Jul 14 01:03:50 EDT 2025

Powered by FUDForum. Page generated in 0.09554 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly