Replace md5 by secure hash algorithm like sha256

Question

thardeck opened this issue 7 years ago · 3 comments

Are there any plans to replace the insecure md5 hash algorithm in the packager by a secure one like sha256?

Answer 1 · 2017-10-12T12:17:45.000Z

We have created an issue in Pivotal Tracker to manage this:

The labels on this github issue will be updated when the story is started.

Answer 2 · 2017-10-16T21:19:55.000Z

Yes, eventually we plan to do this. I'll prioritize this story so you can follow it in our backlog.

Answer 3 · 2017-10-31T19:55:08.000Z

@thardeck This is finished. All buildpacks use sha256 checksums on their develop branch.