I understand that choosing to deploy bigfix with required SHA256 download or not is optional; however if HCL chooses to deploy fixlets which do not support SHA256 hashes then enabling the enhanced download security will break several fixlets and overall reduces the value of the product.
I like many others would prefer to enforce the SHA256 only download requirement, however there is still alot of content in various sites which does not have SHA256 hashes.
The bigger issue for the O365 fixlet mentioned above is the fact that the action for no hash checking does not work the same as the others. I normally uses Action 5, it typically only downloads 5-7 files, when i choose Action 6 it downloads every single file reference in the action over 70 and covers every language over the globe.
It would be nice if the nohash check action downloaded only the limited number of files as the other actions.
- Might be worth an enhancement request to allow for enforcement of SHA256 hash per site, so that custom sites and other sites which have been validated to only have SHA256 could have that level of enforcement while others dont break, and allow for a slow migration of the external sites to better signatures.