On 04/02/2017 02:00, Maxim Solodovnik wrote:
+1 (non-binding)
tested:
1) signature sha
2) build from sources
3) our main application
PS Maybe it's time to change sha1 to something stronger? sha256 for ex.?
That's a hot topic :-). Martin also suggested to use stronger hash
algorithms (see WICKET-6074). However this kind of decision can be made
only by the Apache Foundation. At the moment md5 and sha1 are explicitly
required to release our artifacts:
https://www.apache.org/dev/release-signing.html#basic-facts
On Sat, Feb 4, 2017 at 4:58 AM, Tobias Soloschenko <
tobiassolosche...@googlemail.com> wrote: