View Issue Details Jump to Notes ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0015060CMakeDocumentationpublic2014-08-05 10:452015-01-05 08:39
ReporterNico Schlömer 
Assigned ToBrad King 
PrioritynormalSeverityminorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionCMake 3.1Fixed in VersionCMake 3.1 
Summary0015060: "This is not security software." too sloppy
DescriptionIn the documentation of ExternalData <http://www.cmake.org/cmake/help/v3.0/module/ExternalData.html>, [^] the following comment appears:

> Note that the hashes are used only for unique data identification and download
> verification. This is not security software.

This is too sloppy. It should probably read something like:

Note that, while there are a feasible collision attacks on MD5, there is no known feasible second-preimage attack. MD5 is thus still considered appropriate for download verification.
TagsNo tags attached.
Attached Files

 Relationships

  Notes
(0036555)
Brad King (manager)
2014-08-05 11:17

Perhaps it is best to simply drop the "This is not security software." sentence and let people do their own research into the current strength of each hash algorithm. Otherwise any claim we state may be outdated later.
(0036556)
Nico Schlömer (reporter)
2014-08-05 11:18

Even better.
(0036557)
Brad King (manager)
2014-08-05 11:31

Done, thanks:

 ExternalData: Drop 'not security software' disclaimer
 http://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=f2ccc14b [^]
(0037610)
Robert Maynard (manager)
2015-01-05 08:39

Closing resolved issues that have not been updated in more than 4 months

 Issue History
Date Modified Username Field Change
2014-08-05 10:45 Nico Schlömer New Issue
2014-08-05 11:17 Brad King Note Added: 0036555
2014-08-05 11:18 Nico Schlömer Note Added: 0036556
2014-08-05 11:31 Brad King Note Added: 0036557
2014-08-05 11:31 Brad King Assigned To => Brad King
2014-08-05 11:31 Brad King Status new => assigned
2014-08-05 11:31 Brad King Target Version => CMake 3.1
2014-08-07 12:42 Brad King Status assigned => resolved
2014-08-07 12:42 Brad King Resolution open => fixed
2014-08-07 12:42 Brad King Fixed in Version => CMake 3.1
2015-01-05 08:39 Robert Maynard Note Added: 0037610
2015-01-05 08:39 Robert Maynard Status resolved => closed


Copyright © 2000 - 2018 MantisBT Team