Generating MD5 from the build script sounds like a great idea. Maybe I'm off here but doesn't the release signing process need stronger digest (SHA512)? More info here [1].
Thanks, Nitin [1] http://www.apache.org/dev/release-signing.html#sha-checksum ________________________________________ From: Dan Smith <[email protected]> Sent: Monday, January 11, 2016 5:29 PM To: geode Subject: Re: checksum files for distributions Looks pretty good. You could consider just using the ant checksum task instead of rolling your own: ant.checksum file: archive.archivePath Also, matching on the name of the gradle task seems a little kludgy. Maybe just use withType tasks.withType(Zip) ... tasks.withType(Tar) ... On Mon, Jan 11, 2016 at 4:35 PM, Anthony Baker <[email protected]> wrote: > The gemfire-assembly build file produces source and binary distributions > in both tar and zip format. I think we need checksum files (md5 / sha1) in > order to publish these. I uploaded a patch at > https://issues.apache.org/jira/browse/GEODE-775. > > Please let me know what you think. > > Anthony > >
