Re: [OT] Benedikt's availability

Perfect. Enjoy! Gary On Tue, May 10, 2016 at 8:25 PM, Benedikt Ritter wrote: > Hello, > > I'm on vacation for one week. I will not have internet access, so I will > not respond to any mails. > > Regards, > Benedikt > -- E-Mail: garydgreg...@gmail.com | ggreg...@apache.org Java Persistence w

Re: [RESULT] [VOTE] Apache Commons VFS 2.1 rc1

Don't despair, I plan on being +1 for the next RC :-) Gary On Tue, May 10, 2016 at 7:38 PM, Josh Elser wrote: > Well, this seems to have officially been stalled after 2 binding votes > (which is super disheartening). > > 1, +1 > 1, -1 > 1, non-binding +1. > > Thank you Gary, Stian, and Benedikt

[OT] Benedikt's availability

Hello, I'm on vacation for one week. I will not have internet access, so I will not respond to any mails. Regards, Benedikt

[RESULT] [VOTE] Apache Commons VFS 2.1 rc1

Well, this seems to have officially been stalled after 2 binding votes (which is super disheartening). 1, +1 1, -1 1, non-binding +1. Thank you Gary, Stian, and Benedikt for finding the time to vote! I guess I'll pull in Gary's changes and hope we can get the minimum binding votes for the nex

Re: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

Hello, Fully agree for checksum files no stronger hashes are needed. For the pgp signatures we should however avoid md5/sha1. The advantage isnthat this is pretty transparent (alg encoded in .asc file). It only breaks for some very old invoked pgp binaries. (Theoretically we can add multiple si

Re: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

I am not even sure how you would do this. Maven does this automatically when you deploy. In Log4j I only do it manually when I zip the web site and archive it. Ralph > On May 9, 2016, at 5:51 PM, Gary Gregory wrote: > > Should we follow suit? > > Gary > > -- Forwarded message -

Re: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

As long as all the required PGP keys are in the KEYS file, falling back to only .asc signatures would be ok with me. However, if the required public keys are missing from KEYS, that makes it very hard to automate verification of artifacts. On 10 May 2016 at 05:42, Gary Gregory wrote: > I've not

Re: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

I've not looked into it... On May 10, 2016 2:30 AM, "Benedikt Ritter" wrote: > Hi Gary, > > What changes are required for this? Is this just a setting in > commons-parent? > > Benedikt > > Gary Gregory schrieb am Di., 10. Mai 2016 um > 02:51 Uhr: > > > Should we follow suit? > > > > Gary > > > >

Re: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

Why bother changing? Checksums/hashes are only intended for checking that a download has completed OK. They don't provide any authentication as anyone can generate them. AFAICT the strength of the hash has no bearing on its utility. People should use the sigs instead. Switching to a stronger ha

Re: [eclipse-dev] Notice that Eclipse Platform plans to no longer provide MD5 and SHA1 checksums for Neon (but still SHA512)

Hi Gary, What changes are required for this? Is this just a setting in commons-parent? Benedikt Gary Gregory schrieb am Di., 10. Mai 2016 um 02:51 Uhr: > Should we follow suit? > > Gary > > -- Forwarded message -- > From: David M Williams > Date: Mon, May 9, 2016 at 5:37 PM >