[
https://issues.apache.org/jira/browse/CALCITE-1972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148046#comment-16148046
]
Julian Hyde commented on CALCITE-1972:
--------------------------------------
Per [release distribution
policy|http://www.apache.org/dev/release-distribution.html] there also needs to
be a .md5 file. Which makes 3: .md5, .asc, .sha512.
Arguably we should not be creating .md5 anymore, but we have to comply with
current policy.
> Create sha512 digest for release artifacts
> ------------------------------------------
>
> Key: CALCITE-1972
> URL: https://issues.apache.org/jira/browse/CALCITE-1972
> Project: Calcite
> Issue Type: Bug
> Reporter: Julian Hyde
> Assignee: Michael Mior
> Fix For: 1.14.0
>
>
> Following CALCITE-1329 we currently generate a .mds file containing multiple
> digests, but breaches Apache policy for the file names that can be generated.
> We should instead generate a file with .sha512 suffix containing a SHA512
> digest.
> No need to generate MD5 or SHA1; these are no longer secure.
> Steps:
> * in pom.xml, modify the checksum-maven-plugin configuration;
> * in HOWTO.md, remove the steps to generate the .mds file;
> * in site/downloads/index.md, modify the "assign digest" logic for releases
> 1.14 and later.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
