[
https://issues.apache.org/jira/browse/TINKERPOP-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435661#comment-16435661
]
Advertising
ASF GitHub Bot commented on TINKERPOP-1912:
-------------------------------------------
Github user spmallette commented on the issue:
https://github.com/apache/tinkerpop/pull/837
Nice cleanup of the download page. Note that we only deploy the `/site`
from `master` so you typically just need to update that, but I guess that would
have just meant another PR to keep track of.
btw, any reason you organized these two PRs this way? i would have merged
#836 to this branch and then applied my additional changes just for tp33/master
and this PR. in that way you'd have resolved conflicts here for us to review.
> Remove MD5 checksums
> --------------------
>
> Key: TINKERPOP-1912
> URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.2.7
> Reporter: Daniel Kuppitz
> Assignee: Daniel Kuppitz
> Priority: Minor
>
> Apache is asking to remove MD5 checksums from releases.
> *Old policy:*
> * MUST provide a MD5-file
> * SHOULD provide a SHA-file [SHA-512 recommended]
> *New policy:*
> * MUST provide a SHA- or MD5-file
> * SHOULD provide a SHA-file
> * SHOULD NOT provide a MD5-file
> Providing MD5 checksum files is now discouraged for new releases, but still
> allowed for past releases.
> *Why this change:*
> * MD5 is broken for many purposes ; we should move away from it.
> [https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]
> *Impact for PMCs:*
> * _*for new releases:*_
> ** please do provide a SHA-file (one or more, if you like)
> ** do NOT provide a MD5-file
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
