ASF GitHub Bot commented on TINKERPOP-1912:

GitHub user dkuppitz opened a pull request:


    TINKERPOP-1912 Remove MD5 checksums (tp33)

    This PR adds another step to the release process, that removes the 
auto-generated MD5 checksums, and updates the instructions about release 
artifact verifications.
    See: http://www.apache.org/dev/release-publishing.html#distribution_maven
    VOTE: +1

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/tinkerpop TINKERPOP-1912-tp33

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #837
commit 0a00c913487dd1ce319329d2aa6033aea75a403d
Author: Daniel Kuppitz <daniel_kuppitz@...>
Date:   2018-04-09T18:32:38Z

    CTR: fixed minor typos in docs

commit 17bf6efe0f55b15b4bb24a371da2a96a6a8d90fd
Author: Daniel Kuppitz <daniel_kuppitz@...>
Date:   2018-04-10T20:31:47Z

    TINKERPOP-1912 Removed MD5 checksums from release


> Remove MD5 checksums
> --------------------
>                 Key: TINKERPOP-1912
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.2.7
>            Reporter: Daniel Kuppitz
>            Assignee: Daniel Kuppitz
>            Priority: Minor
> Apache is asking to remove MD5 checksums from releases.
> *Old policy:*
>  * MUST provide a MD5-file
>  * SHOULD provide a SHA-file [SHA-512 recommended]
> *New policy:*
>  * MUST provide a SHA- or MD5-file
>  * SHOULD provide a SHA-file
>  * SHOULD NOT provide a MD5-file
> Providing MD5 checksum files is now discouraged for new releases, but still 
> allowed for past releases.
> *Why this change:*
>  * MD5 is broken for many purposes ; we should move away from it.
> [https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]
> *Impact for PMCs:*
>  * _*for new releases:*_
>  ** please do provide a SHA-file (one or more, if you like)
>  ** do NOT provide a MD5-file

This message was sent by Atlassian JIRA

Reply via email to