On 2017-10-11 15:51, Davide Giannella wrote:
Hello team,
now that we moved to a format that is compliant to the Apache
requirements for releases, I was wondering whether we want to move away
from SHA1 towards a more robust SHA-512.
It looks like ant (and antrun-plugin) supports the algorithm and it's
been supported at least since Java6 therefore we should not have any big
problems in backports.
Thoughts? Shall we do this on both Oak and JR?
The impacted areas will be
- parent/pom.xml
- check-release.sh
- website, download page (for future downloads)
Cheers
Davide
- yes, Jackrabbit and Oak should be consistent
- timing: maybe have at least one release with the current config before
moving on?
- checking: would be good to check that we all have openssl binaries
that support SHA256...
Best regards, Julian
