Signature of EXEs (dlls too?) are only SHA1
Summary
The signing service provides signed EXEs that are SHA1 signed (According to this bug report).
Is SHA256/512 signed certificates an option that users of CBI need to enable, or is this something that needs to be implemented, or is this even an thing?
Steps to reproduce
- Downloaded the installer from https://www.eclipse.org/downloads/download.php?file=/oomph/epp/2022-09/R/eclipse-inst-jre-win64.exe (link from https://www.eclipse.org/downloads/packages/)
- Right-click (presumably) on the exe and check security tab (screenshot from user's bug report):
What is the current bug behavior?
SHA1
What is the expected correct behavior?
SHA256?
Relevant logs and/or screenshots
Priority
- Urgent
- High
- Medium
- Low
Severity
- Blocker
- Major
- Normal
- Low