Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cross-project-issues-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

The topic of this note is about the downloads and checksums obtained directly from the the Eclipse Project. It does not involve the checksums from the "select a mirror" page -- that is controlled by the Eclipse Foundation -- nor any of the packages downloaded from also controlled by the Eclipse Foundation.  My intuition is that few "casual users" use our checksums but some adopters or committers might use them in automated scripts or builds.

If any of you do get checksums directly from .../eclipse/downloads/drops4/<buildid>/checksum/... then this note is for you.

We announced in Luna we would "stop producing MD5 and SHA1 checksums" after Luna's release (Bug 423714)... and I am just now getting around to it. Since it has been a long time since that announcement, and since we are late in this cycle, I am cross-posting to 3 lists to be sure those that might be impacted will be notified.

We will continue to provide SHA512 checksums and I recently decided to also provide SHA256 checksums since SHA256 seems to be popular "in the industry".

This RC1 effort is documented in Bug 454784. If the removal of the MD5 and SHA1 checksums would unduly burden anyone, please say so in that Bug 454784 and we would be happy to accommodate.

I will soon be updating our wiki on How to verify a download to contain accurate information for Neon, but wanted to get this notice out now so if you are negatively impacted you would have time to say so.

Thank you,

Back to the top