Robert Kanter created OOZIE-3189: ------------------------------------ Summary: Update the release script and wiki page to use sha512 instead of md5 Key: OOZIE-3189 URL: https://issues.apache.org/jira/browse/OOZIE-3189 Project: Oozie Issue Type: Improvement Components: scripts Reporter: Robert Kanter Assignee: Robert Kanter Fix For: 5.0.0
Apache has updated it's policy on the release signatures, as per it's website [here|https://www.apache.org/dev/release-distribution#sigs-and-sums] and a recent email. Basically, all future releases should be providing a sha512 checksum instead of an md5 one. There are two tasks: # Update the release script to use sha512 instead of md5 https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71 # Update the wiki (requires committer/pmc permissions?) https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release While we're updating the wiki, we should add details on: # Making sure the gpg key used for signing releases is 4096 bit RSA # Publishing your gpgp public key to a key server (https://www.apache.org/dev/release-signing#keyserver) -- This message was sent by Atlassian JIRA (v7.6.3#76005)