Geoff Macartney created BROOKLYN-597:
----------------------------------------
Summary: Remove MD5 and SHA-1 checksums
Key: BROOKLYN-597
URL: https://issues.apache.org/jira/browse/BROOKLYN-597
Project: Brooklyn
Issue Type: Improvement
Affects Versions: 0.12.0
Reporter: Geoff Macartney
Per the recently updated Apache Release Distribution Policy,
[https://www.apache.org/dev/release-distribution], we should remove the
generation and checking of MD5 and SHA-1 checksums from brooklyn-dist/release
before we do another release, presumably 1.0.
The relevant wording is
{quote}For every artifact distributed to the public through Apache channels,
the PMC
* MUST supply a
[valid|https://www.apache.org/dev/release-signing#verifying-signature]
[OpenPGP-compatible ASCII-armored detached
signature|https://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig]
file
* MUST supply at least one checksum file
* SHOULD supply a [SHA-256 and/or
SHA-512|https://www.apache.org/dev/release-signing#sha-checksum] checksum file
* SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are deprecated)
For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT
supply MD5 or SHA-1. Existing releases do not need to be changed.
{quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
