[
https://issues.apache.org/jira/browse/CALCITE-1972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16148690#comment-16148690
]
Michael Mior commented on CALCITE-1972:
---------------------------------------
I assume we should have the linked digest for the downloads be the sha256 now?
> Create .sha512 and .md5 digests for release artifacts
> -----------------------------------------------------
>
> Key: CALCITE-1972
> URL: https://issues.apache.org/jira/browse/CALCITE-1972
> Project: Calcite
> Issue Type: Bug
> Reporter: Julian Hyde
> Assignee: Michael Mior
> Fix For: 1.14.0
>
>
> Following CALCITE-1329 we currently generate a .mds file containing multiple
> digests, but breaches Apache policy for the file names that can be generated.
> We should instead generate a file with .sha512 suffix containing a SHA512
> digest.
> No need to generate MD5 or SHA1; these are no longer secure.
> Steps:
> * in pom.xml, modify the checksum-maven-plugin configuration;
> * in HOWTO.md, remove the steps to generate the .mds file;
> * in site/downloads/index.md, modify the "assign digest" logic for releases
> 1.14 and later.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
