[ https://issues.apache.org/jira/browse/TINKERPOP-2025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626068#comment-16626068 ]
ASF GitHub Bot commented on TINKERPOP-2025:
-------------------------------------------
GitHub user dkuppitz opened a pull request:
https://github.com/apache/tinkerpop/pull/935
TINKERPOP-2025 Change to SHA-256/512 and drop SHA-1 for releases
https://issues.apache.org/jira/browse/TINKERPOP-2025
Unfortunately, upgrading the Apache parent pom didn't solve the problem
completely. With the upgrade we get the sha512 checksum file for the source
release, but not for the other artifacts.
This PR upgrades the parent pom, but also adds a step in the release
process to replace any remaining sha1 checksum file with its sha512 counterpart.
The release validation script was adjusted to reflect those changes; the
validation will fail if there exists
* an md5 file
* a sha1 file
* no asc file
* no sha512 file
... for any of the release artifacts.
VOTE +1
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/apache/tinkerpop TINKERPOP-2025
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/tinkerpop/pull/935.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #935
----
commit 1fb3431910c0b22a06c3c9b86020c9e4db36af96
Author: Daniel Kuppitz <daniel_kuppitz@...>
Date: 2018-09-24T15:47:27Z
Remove release artifact SHA1 checksums and generate SHA512 checksums
instead.
----
> Change to SHA-256/512 and drop SHA-1 for releases
> -------------------------------------------------
>
> Key: TINKERPOP-2025
> URL: https://issues.apache.org/jira/browse/TINKERPOP-2025
> Project: TinkerPop
> Issue Type: Improvement
> Components: build-release
> Affects Versions: 3.2.9
> Reporter: stephen mallette
> Assignee: Daniel Kuppitz
> Priority: Critical
>
> Given changes to Apache build requirements it seems we need to adjust our
> release process again:
> https://www.apache.org/dev/release-distribution#sigs-and-sums
> Note that it appears the apache parent pom has updates to consider in this
> regard:
> https://issues.apache.org/jira/browse/MPOM-205
> Official release information is here:
> https://s.apache.org/asf-pom-21
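The validation rule described in the pull request above (fail on any md5 or sha1 file, and on any artifact that lacks an asc or a sha512 file), written out as an added shell example; it is not TinkerPop's own validation script. The function names, the flat directory layout, the orphaned-sidecar check and the digest comparison are assumptions that go beyond the presence checks the PR lists, and verifying the asc signature with gpg is left out.

```shell
#!/usr/bin/env bash
# Added example, not the project's script. Usage: check_release_dir DIR
# Prints one line per violation and returns 1 if any was found.

sha512_of() {  # hex SHA-512 of a file, with whichever tool is installed
  if command -v sha512sum >/dev/null 2>&1; then
    sha512sum "$1" | cut -d' ' -f1
  else
    shasum -a 512 "$1" | cut -d' ' -f1
  fi
}

check_release_dir() {
  local dir=$1 f name expected actual bad=0
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    name=${f##*/}
    case $name in
      *.md5|*.sha1)
        # Any leftover weak checksum file fails the release.
        echo "FAIL $name: weak checksum file present"; bad=1; continue ;;
      *.asc|*.sha512)
        # Assumption: a sidecar whose artifact is missing is also an error.
        [ -f "${f%.*}" ] || { echo "FAIL $name: no matching artifact"; bad=1; }
        continue ;;
    esac
    # Everything else is treated as a release artifact.
    [ -f "$f.asc" ] || { echo "FAIL $name: no asc file"; bad=1; }
    if [ ! -f "$f.sha512" ]; then
      echo "FAIL $name: no sha512 file"; bad=1; continue
    fi
    # Extension beyond the presence checks: the first token of the
    # .sha512 file must equal the artifact's actual digest.
    read -r expected _ < "$f.sha512" || true
    actual=$(sha512_of "$f")
    if [ "$(printf %s "$expected" | tr 'A-F' 'a-f')" != "$actual" ]; then
      echo "FAIL $name: sha512 mismatch"; bad=1
    fi
  done
  return "$bad"
}
```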