Skip to main content

Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Newcomers » Newcomers » How do I report a Security Risk on the Website itself?
How do I report a Security Risk on the Website itself? [message #1804179] Wed, 20 March 2019 05:12 Go to next message
Nasuki Matamoto is currently offline Nasuki MatamotoFriend
Messages: 29
Registered: November 2014
Junior Member
I first started to "report a bug" but their was no choice to report a problem with the website. The issue is that only MD5 and SHA1 hashes are offered, but these are vulnerable. MD5 can be compromised with a few thousand in computer equipment, and according to Google, SHA1 can be forged as well.

Eclipse should be publishing a SHA-256 or SHA-512 hash for each download, like Oracle.

[Updated on: Wed, 20 March 2019 05:14]

Report message to a moderator

Re: How do I report a Security Risk on the Website itself? [message #1804181 is a reply to message #1804179] Wed, 20 March 2019 05:42 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 30653
Registered: July 2009
Senior Member
The following is the general Bugzilla URL for the website authored by the Eclipse Foundation itself:

But many projects also contribute to the website.

Certainly on this page I see SHA 512:

But on the individual packages I only see SHA1 and MD5:

So I suppose that's what you mean. In your Bug report, please be explicit on which page(s) you see issues.
Previous Topic:Send signal(message) to a capsule from external process
Next Topic:Offline Plugin Install
Goto Forum:

Current Time: Thu Nov 21 15:55:13 GMT 2019

Powered by FUDForum. Page generated in 0.02407 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top