GitHub user dkuppitz opened a pull request:
https://github.com/apache/tinkerpop/pull/935
TINKERPOP-2025 Change to SHA-256/512 and drop SHA-1 for releases
https://issues.apache.org/jira/browse/TINKERPOP-2025
Unfortunately, upgrading the Apache parent pom didn't solve the problem
completely. With the upgrade we get the sha512 checksum file for the source
release, but not for the other artifacts.
This PR upgrades the parent pom, but also adds a step in the release
process to replace any remaining sha1 checksum file with its sha512 counterpart.
The release validation script was adjusted to reflect those changes; the
validation will fail if there exists
* a md5 file
* a sha1 file
* no asc file
* no sha512 file
... for any of the release artifacts.
VOTE +1
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/tinkerpop TINKERPOP-2025
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tinkerpop/pull/935.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #935
----
commit 1fb3431910c0b22a06c3c9b86020c9e4db36af96
Author: Daniel Kuppitz <daniel_kuppitz@...>
Date: 2018-09-24T15:47:27Z
Remove release artifact SHA1 checksums and generate SHA512 checksums
instead.
----
---
