md5 integrity testing is insufficient

The youtrack page only gives me md5 sums, but md5 sums are totally insufficient for integrity testing. And you can't even download the files with HTTPS because your certificate is invalid (valid for and not

Please see this for an explanation and demo of how easy it is to break md5:

It is not safe these days to run downloaded software that you can't verify. Please use at least HTTPS+sha1, but preferably sha256 or PGP signatures. It is standard practice in many other places.

=> provides md5, sha1, pgp
=> provides sha256, pgp
=> provides md5, pgp
=> fails horribly by using gpg only on the md5sums :D but there are also sha256 sums here (sums files don't need HTTPS as long as the public key to verify the signature is securely acquired)
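An added example, not part of the original post or the vendor's tooling: checking a download against a `sha256sum`-style sums file, failing closed when the file is unlisted or the sums file carries an MD5/SHA-1 length digest instead. It assumes the sums file's PGP signature was already verified with a securely acquired public key; the function names and `tool-1.0.zip` are hypothetical.

```python
import hashlib
import hmac
import re

# Line format written by sha256sum: "<64 hex digits>  <name>" (text mode)
# or "<64 hex digits> *<name>" (binary mode).
SUMS_LINE = re.compile(r"^([0-9a-fA-F]{64}) [ *](.+)$")


def parse_sha256sums(text):
    """Return {filename: lowercase hex digest}; reject anything else."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = SUMS_LINE.match(line)
        if m is None:
            # A 32-hex-digit MD5 or 40-hex-digit SHA-1 entry ends up here.
            raise ValueError(f"line {lineno}: not a SHA-256 entry")
        digest, name = m.group(1).lower(), m.group(2)
        if entries.setdefault(name, digest) != digest:
            raise ValueError(f"line {lineno}: conflicting digests for {name}")
    return entries


def sha256_of_chunks(chunks):
    """Hash an iterable of byte chunks (e.g. a file read in blocks)."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def verify_download(name, chunks, sums_text):
    """True only if `name` is listed and its digest matches."""
    expected = parse_sha256sums(sums_text).get(name)
    if expected is None:
        return False  # unlisted file: fail closed
    return hmac.compare_digest(sha256_of_chunks(chunks), expected)


if __name__ == "__main__":
    payload = b"constructed installer bytes\n"  # constructed sample input
    sums = hashlib.sha256(payload).hexdigest() + "  tool-1.0.zip\n"
    print(verify_download("tool-1.0.zip", [payload], sums))
    print(verify_download("tool-1.0.zip", [payload + b"x"], sums))
```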

Thanks for noticing this!
We are working on making our downloads work via HTTPS.
