[cmake-developers] [CMake 0015060]: "This is not security software." too sloppy
Mantis Bug Tracker
mantis at public.kitware.com
Tue Aug 5 10:45:01 EDT 2014
The following issue has been SUBMITTED.
======================================================================
http://www.cmake.org/Bug/view.php?id=15060
======================================================================
Reported By: Nico Schlömer
Assigned To:
======================================================================
Project: CMake
Issue ID: 15060
Category: Documentation
Reproducibility: have not tried
Severity: minor
Priority: normal
Status: new
======================================================================
Date Submitted: 2014-08-05 10:45 EDT
Last Modified: 2014-08-05 10:45 EDT
======================================================================
Summary: "This is not security software." too sloppy
Description:
In the documentation of ExternalData
<http://www.cmake.org/cmake/help/v3.0/module/ExternalData.html>, the following
comment appears:
> Note that the hashes are used only for unique data identification and download
> verification. This is not security software.
This is too sloppy. It should probably read something like:
Note that, while there are feasible collision attacks on MD5, there is no
known feasible second-preimage attack. MD5 is thus still considered appropriate
for download verification.
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2014-08-05 10:45 Nico Schlömer New Issue
======================================================================