I wanted to be sure everyone knew that
beginning with tonight's I-build (I20140519-2000), Eclipse and Equinox
have changed to provide SHA512 hashes for downloadable zips and tar files,
instead of the previous MD5 and SHA1 hash sums.
The disadvantage of using such a large
hash is that its not something you can "verify" just by "looking
at it" ... but ... insecure is insecure, and it is a pretty easy task
to automate (and is a LOT easier, once you have done that).
Now -- here's where your feedback is
needed -- we'd actually like to stop producing the MD5 and SHA1 checksums,
say, a month after Luna release ... but if if this is just too disruptive
or doesn't work for someone, please comment in Bug 423714
explaining. In the mean time, we
do not "link" to the old MD5 or SHA1 checksums from the download
page, but they are still there ... right where they always were ... to
make sure we don't suddenly break someone's scripts or builds. And if you
do rely on them now, we hope you can convert after the Luna release (if
Do feel free to comment in the bug,
if this has some negative consequence we have not anticipated ... but,
my guess is that anyone who cares about them in the first place will appreciate
My new slogan: Test early, test often,
and practice safe computing!