Community
Participate
Working Groups
Build Identifier: 20100617-1415 The MD5 for eclipse-jee-helios-macosx-cocoa-x86_64.tar from my Macintosh computes 4a0c879e4d731f6bd744657d4558e98c as the checksum. However this does not match what is specified on the MD5 link which is given as 0e6b7dc34a0891fe6d7d4356799d8100 Could it be that the checksum is computed on the gz file and not the tar file? This problem could mean that security has been breached. I tried downloading the file from two different mirror sites with the same results. Reproducible: Always Steps to Reproduce: 1.Download the file 2.Run md5 on the file 3.Compare the checksums
I would have thought it _should_ be computed on the gz file ... that is, computed on exactly what is downloaded. Is that not the case?
Yes, the full contents of MD5 "file" mentions the gz file ... 0e6b7dc34a0891fe6d7d4356799d8100 eclipse-jee-helios-macosx-cocoa-x86_64.tar.gz ... so this is working as designed. Let us know if I've misunderstood, or if other sites use other conventions which we should consider.
Yes, that works as designed - it is a checksum that is provided for the *file* which happens to be a tar.gz file. You can always check if it is valid with a simple mknauer@build:~/downloads/technology/epp/downloads/release/helios/R> md5sum -c eclipse-jee-helios-macosx-cocoa-x86_64.tar.gz.md5 eclipse-jee-helios-macosx-cocoa-x86_64.tar.gz: OK (given that you have both, the *.tar.gz file and the *.tar.gz.md5 file in the same directory)
