As noted in the vote thread, the webserver presenting the svn dist repo is seemingly mishhandling the .sha files and this leads to Firefox saving a gzip encoded version of the checksum. This is raised as https://issues.apache.org/jira/browse/INFRA-13629
Hopefully it can be fixed webserver side, but in the mean time setting a mime type on the file in the svn repo makes the webserver pick it up and act differently, and this gets things working in Firefox. I used the following for the proton-j 0.18.0 release checksums: svn propset svn:mime-type application/x-sha2 *.sha If needed, we can use some svn client config to do that automatically in future. If folks use a recent enough svn client it can actually be propset in the repo and clients will pick it up and action it. On 7 March 2017 at 23:24, Robbie Gemmell <[email protected]> wrote: > Thats probably where the key difference lies - I dont have the general > shasum, only specific sha[1|224|256|384|512]sum variants that do > complain when given the 'wrong' thing. I'm long overdue an update to > an up to date OS so that probably explains that. It makes sense they > should be able to look at whats there and attempt to verify as seems > appropriate. > > My suggestion to change wasnt really to say that there is an implied > particular choice for .sha, just that given we are changing things we > should make them consistent the distribution policy and each other > while doing so. > > On 7 March 2017 at 23:04, Justin Ross <[email protected]> wrote: >> I will change the qpid-python .sha file to SHA-512. And I wouldn't have >> objected to using .sha512 if Robbie had felt like going against the grain. >> >> FWIW, before I made the change to SHA-256 and .sha, I tested that Fedora's >> 'shasum' does not require extra options to check such files. It seems to >> figure it out on its own. In some cursory poking around, I haven't found >> anything that says .sha indicates any particular SHA hash function. >> >> On Tue, Mar 7, 2017 at 10:19 AM, Robbie Gemmell <[email protected]> >> wrote: >> >>> ;) >>> >>> I decided to go with the guideline and created a SHA512 file with .sha >>> extension. We can make it clear on the website that its SHA512. Folks >>> doing it blind will just have to try it, or look at the content to >>> figure it out. >>> >>> Given the name is 'correct', I'd probably regenerate the qpid-python >>> checksum using SHA512. We could also just leave it alone this time >>> since it only says you SHOULD use SHA512. >>> >>> On 7 March 2017 at 18:05, Rob Godfrey <[email protected]> wrote: >>> > To be fair that page says nothing about how to name SHA256 checksums :-), >>> > only that we SHOULD be creating SHA512 checksums named .sha. >>> > >>> > So, I'm +1 on naming the SHA256 .sha256 ... and it seems like the Python >>> > release really shouldn't name a SHA256 file .sha as by the above that >>> > extension should be reserved for SHA512. >>> > >>> > -- Rob >>> > >>> > On 7 March 2017 at 18:34, Timothy Bish <[email protected]> wrote: >>> > >>> >> On 03/07/2017 12:23 PM, Robbie Gemmell wrote: >>> >> >>> >>> According to http://www.apache.org/dev/release-distribution.html#sigs- >>> >>> and-sums >>> >>> .sha is actually required: >>> >>> >>> >>> "An SHA checksum SHOULD also be created and MUST be suffixed .sha. The >>> >>> checksum SHOULD be generated using SHA512." >>> >>> >>> >>> I find the extension a little unhelpful personally, but ok.. :) >>> >>> >>> >> >>> >> I would have voted for .sha256 for clarity >>> >> >>> >> >>> >>> Robbie >>> >>> >>> >>> On 7 March 2017 at 17:11, Robbie Gemmell <[email protected]> >>> >>> wrote: >>> >>> >>> >>>> Hi folks, >>> >>>> >>> >>>> I noted in the qpid-python-1.36.0 vote thread that the .sha file >>> >>>> contained a sha256 checksum, this being in place of the historic .sha1 >>> >>>> checksum file. >>> >>>> >>> >>>> I'm curious what people think about the name relative to the contents? >>> >>>> I think .sha256 might be friendlier so that people know how to try and >>> >>>> verify it implicitly from its name? >>> >>>> >>> >>>> I mainly ask as I think I'll include one for the proton-j-0.18.0 >>> >>>> release im about to cut, and am trying to settle on a name for it. >>> >>>> >>> >>>> Robbie >>> >>>> >>> >>> --------------------------------------------------------------------- >>> >>> To unsubscribe, e-mail: [email protected] >>> >>> For additional commands, e-mail: [email protected] >>> >>> >>> >>> >>> >>> >>> >> >>> >> -- >>> >> Tim Bish >>> >> twitter: @tabish121 >>> >> blog: http://timbish.blogspot.com/ >>> >> >>> >> >>> >> >>> >> --------------------------------------------------------------------- >>> >> To unsubscribe, e-mail: [email protected] >>> >> For additional commands, e-mail: [email protected] >>> >> >>> >> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
