Robert Kanter created OOZIE-3189:
------------------------------------
Summary: Update the release script and wiki page to use sha512
instead of md5
Key: OOZIE-3189
URL: https://issues.apache.org/jira/browse/OOZIE-3189
Project: Oozie
Issue Type: Improvement
Components: scripts
Reporter: Robert Kanter
Assignee: Robert Kanter
Fix For: 5.0.0
Apache has updated it's policy on the release signatures, as per it's website
[here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a
recent email. Basically, all future releases should be providing a sha512
checksum instead of an md5 one.
There are two tasks:
# Update the release script to use sha512 instead of md5
https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71
# Update the wiki (requires committer/pmc permissions?)
https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release
While we're updating the wiki, we should add details on:
# Making sure the gpg key used for signing releases is 4096 bit RSA
# Publishing your gpgp public key to a key server
(https://www.apache.org/dev/release-signing#keyserver)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
