[ALL] SHA-1 vs. SHA-256

Fri, 18 May 2018 08:30:58 -0700 

Hi All:

Eclipse is moving to SHA-256 to validate downloads [1] alongside MD5.

We just updated to SHA-1 which apparently has been subject to a collision
attack [2].

Our newish commons-release-plugin has just been updated to SHA-1.

I'd like to add SHA-256 alongside SHA-1.

Thoughts?

[1]
https://www.eclipse.org/eclipse/news/4.8/platform_isv.php#equinox-sha-256-checksum
[2]
https://arstechnica.com/information-technology/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/

Reply via email to