ASF GitHub Bot commented on TINKERPOP-1912:

Github user spmallette commented on the issue:

    Nice cleanup of the download page. Note that we only deploy the `/site` 
from `master` so you typically just need to update that, but I guess that would 
have just meant another PR to keep track of.  
    btw, any reason you organized these two PRs this way? i would have merged 
#836 to this branch and then applied my additional changes just for tp33/master 
and this PR. in that way you'd have resolved conflicts here for us to review. 

> Remove MD5 checksums
> --------------------
>                 Key: TINKERPOP-1912
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.2.7
>            Reporter: Daniel Kuppitz
>            Assignee: Daniel Kuppitz
>            Priority: Minor
> Apache is asking to remove MD5 checksums from releases.
> *Old policy:*
>  * MUST provide a MD5-file
>  * SHOULD provide a SHA-file [SHA-512 recommended]
> *New policy:*
>  * MUST provide a SHA- or MD5-file
>  * SHOULD provide a SHA-file
>  * SHOULD NOT provide a MD5-file
> Providing MD5 checksum files is now discouraged for new releases, but still 
> allowed for past releases.
> *Why this change:*
>  * MD5 is broken for many purposes ; we should move away from it.
> [https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]
> *Impact for PMCs:*
>  * _*for new releases:*_
>  ** please do provide a SHA-file (one or more, if you like)
>  ** do NOT provide a MD5-file

This message was sent by Atlassian JIRA

Reply via email to