[jira] [Updated] (ISIS-1900) [NOT A PROBLEM] Fix the release process to also generate .sha512 files

Dan Haywood (JIRA) Thu, 15 Mar 2018 02:42:06 -0700

     [ 
https://issues.apache.org/jira/browse/ISIS-1900?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Dan Haywood updated ISIS-1900:
------------------------------
    Description: 
as per updated ASF guidelines.

the .md5 are no longer required.

~~~

[https://www.apache.org/dev/release-distribution#sigs-and-sums]

For every artifact distributed to the public through Apache channels, the PMC
 * MUST supply a 
[valid|https://www.apache.org/dev/release-signing#verifying-signature] [OpenPGP 
compatible ASCII armored detached 
signature|https://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] 
file,
 * MUST supply at least one 
([SHA|https://www.apache.org/dev/release-signing#sha-checksum] or 
[MD5|https://www.apache.org/dev/release-signing#md5]) checksum file,
 * SHOULD supply a SHA-1, SHA-256 or SHA-512 checksum file,
 * SHOULD NOT supply a MD5 checksum file (because MD5 is [too 
broken|https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]).

So, we are compliant already.

  was:
as per updated ASF guidelines.

the .md5 are no longer required.

        Summary: [NOT A PROBLEM] Fix the release process to also generate 
.sha512 files  (was: Fix the release process to also generate .sha512 files)

> [NOT A PROBLEM] Fix the release process to also generate .sha512 files
> ----------------------------------------------------------------------
>
>                 Key: ISIS-1900
>                 URL: https://issues.apache.org/jira/browse/ISIS-1900
>             Project: Isis
>          Issue Type: Task
>    Affects Versions: 1.16.2
>            Reporter: Dan Haywood
>            Priority: Major
>             Fix For: 1.16.3
>
>
> as per updated ASF guidelines.
> the .md5 are no longer required.
> ~~~
> [https://www.apache.org/dev/release-distribution#sigs-and-sums]
> For every artifact distributed to the public through Apache channels, the PMC
>  * MUST supply a 
> [valid|https://www.apache.org/dev/release-signing#verifying-signature] 
> [OpenPGP compatible ASCII armored detached 
> signature|https://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig]
>  file,
>  * MUST supply at least one 
> ([SHA|https://www.apache.org/dev/release-signing#sha-checksum] or 
> [MD5|https://www.apache.org/dev/release-signing#md5]) checksum file,
>  * SHOULD supply a SHA-1, SHA-256 or SHA-512 checksum file,
>  * SHOULD NOT supply a MD5 checksum file (because MD5 is [too 
> broken|https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]).
> So, we are compliant already.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Updated] (ISIS-1900) [NOT A PROBLEM] Fix the release process to also generate .sha512 files

Reply via email to