Hi, Denis Yes, we have a ticket that already takes this into account: https://issues.apache.org/jira/browse/IGNITE-5817 I think we can create both sha-256 and sha-512 checksums.
Best regards Oleg On Thu, Aug 17, 2017 at 1:51 AM, Denis Magda <[email protected]> wrote: > Igniters, especially the release managers, > > Please consider these changes and recommendations for the next release. Do > we have any ticket that already takes this into account? > > — > Denis > > > Begin forwarded message: > > > > From: "Henk P. Penning" <[email protected]> > > Subject: .sha Release Distribution Policy > > Date: August 16, 2017 at 1:55:57 AM PDT > > To: <[email protected]> > > Reply-To: [email protected] > > > > Hi PMC, > > > > The Release Distribution Policy[1] changed regarding .sha files. > > See under "Cryptographic Signatures and Checksums Requirements" [2]. > > > > Old policy : > > > > -- use extension .sha for any SHA checksum (SHA-1, SHA-256, SHA-512) > > > > New policy : > > > > -- use .sha1 for a SHA-1 checksum > > -- use .sha256 for a SHA-256 checksum > > -- use .sha512 for a SHA-512 checksum > > -- [*] .sha should contain a SHA-1 > > > > Why this change ? > > > > -- Verifying a checksum under the old policy is/was not handy. > > You have to inspect the .sha to find out which algorithm > > should be used ; or try them all (SHA-1, SHA256, etc). > > The new scheme avoids this ambiguity. > > -- The last point[*] was only added for clarity. Most of the > > old, stale .sha's contain a SHA-1. The relatively new .sha's > > contain a SHA-512. The expectation is that the last catagory will > > disappear, when active projects adapt to the 'new' convention. > > > > Impact : > > > > -- Should be none ; many projects already use the 'new' convention. > > -- Please ask your release managers to use .sha1, .sha256, .sha512 > > instead of the .sha extension. > > -- Please fix your build-tools if you have any. > > > > Piggyback : > > > > -- The policy requires a .md5 for every package ; > > providing a .sha512 is recommended. > > Since MD5 is essentially broken, it is to be expected that > > in the future a .sha512 will be required. > > Perhaps it is wize to start providing .sha512's > > with your releases if you do not already do so. > > > > -- Visit http://mirror-vm.apache.org/checker/ > > to check the health of your /dist/-area ; > > my stuff ; any feedback is most welcome. > > > > Thanks ; regards, > > > > Henk Penning > > > > [1] http://www.apache.org/dev/release-distribution > > [2] http://www.apache.org/dev/release-distribution#sigs-and-sums > > > > ------------------------------------------------------------ > > Henk P. Penning ; apache.org infrastructure volunteer. > > [email protected] ; http://mirror-vm.apache.org/~henkp/ > >
