ASF GitHub Bot commented on TINKERPOP-1912:

GitHub user dkuppitz opened a pull request:


    TINKERPOP-1912 Remove MD5 checksums

    This PR basically just adds another step to the release process, that 
removes the auto-generated MD5 checksums.
    See: http://www.apache.org/dev/release-publishing.html#distribution_maven
    VOTE: +1

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/tinkerpop TINKERPOP-1912

Alternatively you can review and apply these changes as the patch at:


To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #836
commit ed751d189e78224959abe3506ff13cdcef790f00
Author: Daniel Kuppitz <daniel_kuppitz@...>
Date:   2018-04-10T20:31:47Z

    TINKERPOP-1912 Removed MD5 checksums from release


> Remove MD5 checksums
> --------------------
>                 Key: TINKERPOP-1912
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.2.7
>            Reporter: Daniel Kuppitz
>            Assignee: Daniel Kuppitz
>            Priority: Minor
> Apache is asking to remove MD5 checksums from releases.
> *Old policy:*
>  * MUST provide a MD5-file
>  * SHOULD provide a SHA-file [SHA-512 recommended]
> *New policy:*
>  * MUST provide a SHA- or MD5-file
>  * SHOULD provide a SHA-file
>  * SHOULD NOT provide a MD5-file
> Providing MD5 checksum files is now discouraged for new releases, but still 
> allowed for past releases.
> *Why this change:*
>  * MD5 is broken for many purposes ; we should move away from it.
> [https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]
> *Impact for PMCs:*
>  * _*for new releases:*_
>  ** please do provide a SHA-file (one or more, if you like)
>  ** do NOT provide a MD5-file

This message was sent by Atlassian JIRA

Reply via email to