[jira] [Commented] (CASSANDRA-14970) New releases must supply SHA-256 and/or SHA-512 checksums

Tue, 05 Feb 2019 02:08:18 -0800 


    [ 
https://issues.apache.org/jira/browse/CASSANDRA-14970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16760656#comment-16760656
 ] 

mck commented on CASSANDRA-14970:
---------------------------------

[~mshuler],
 since the sha256/512 checksums are only required on the non-maven artefacts, 
can we not solve this by publishing these pre-vote artefacts to 
https://dist.apache.org/repos/dist/dev/cassandra/ ?

This also simplifies the post-vote step of publishing these artefacts, as it's 
simply executing the command:
{{svn mv https://dist.apache.org/repos/dist/dev/cassandra/<version> 
https://dist.apache.org/repos/dist/release/cassandra/}}

This is also the recommended approach, since people.apache.org as a hosting 
destination for pre-vote artefacts was deprecated a number of years ago, and 
why I added it to 
http://cassandra.apache.org/doc/latest/development/release_process.html#sign-and-upload-distribution-packages-to-bintray


> New releases must supply SHA-256 and/or SHA-512 checksums
> ---------------------------------------------------------
>
>                 Key: CASSANDRA-14970
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-14970
>             Project: Cassandra
>          Issue Type: Bug
>          Components: Packaging
>            Reporter: Michael Shuler
>            Assignee: Michael Shuler
>            Priority: Blocker
>             Fix For: 2.2.15, 3.0.19, 3.11.5, 4.0
>
>         Attachments: 
> 0001-Update-downloads-for-sha256-sha512-checksum-files.patch, 
> 0001-Update-release-checksum-algorithms-to-SHA-256-SHA-512.patch, 
> ant-publish-checksum-fail.jpg, build_cassandra-2.1.png, build_trunk.png
>
>
> Release policy was updated around 9/2018 to state:
> "For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT 
> supply MD5 or SHA-1. Existing releases do not need to be changed."
> build.xml needs to be updated from MD5 & SHA-1 to, at least, SHA-256 or both. 
> cassandra-builds/cassandra-release scripts need to be updated to work with 
> the new checksum files.
> http://www.apache.org/dev/release-distribution#sigs-and-sums



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscr...@cassandra.apache.org
For additional commands, e-mail: commits-h...@cassandra.apache.org

Reply via email to