[
https://issues.apache.org/jira/browse/BROOKLYN-597?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thomas Bouron resolved BROOKLYN-597.
------------------------------------
Resolution: Fixed
> Remove MD5 and SHA-1 checksums
> -------------------------------
>
> Key: BROOKLYN-597
> URL: https://issues.apache.org/jira/browse/BROOKLYN-597
> Project: Brooklyn
> Issue Type: Improvement
> Affects Versions: 0.12.0
> Reporter: Geoff Macartney
> Assignee: Geoff Macartney
> Priority: Major
> Time Spent: 2h 20m
> Remaining Estimate: 0h
>
> Per the recently updated Apache Release Distribution Policy,
> [https://www.apache.org/dev/release-distribution], we should remove the
> generation and checking of MD5 and SHA-1 checksums from brooklyn-dist/release
> before we do another release, presumably 1.0.
> The relevant wording is
> {quote}For every artifact distributed to the public through Apache channels,
> the PMC
> * MUST supply a
> [valid|https://www.apache.org/dev/release-signing#verifying-signature]
> [OpenPGP-compatible ASCII-armored detached
> signature|https://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig]
> file
> * MUST supply at least one checksum file
> * SHOULD supply a [SHA-256 and/or
> SHA-512|https://www.apache.org/dev/release-signing#sha-checksum] checksum file
> * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are
> deprecated)
> For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT
> supply MD5 or SHA-1. Existing releases do not need to be changed.
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
