tinkerpop-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (TINKERPOP-2025) Change to SHA-256/512 and drop SHA-1 for releases
Date Mon, 24 Sep 2018 16:07:00 GMT

    [ https://issues.apache.org/jira/browse/TINKERPOP-2025?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626068#comment-16626068
] 

ASF GitHub Bot commented on TINKERPOP-2025:
-------------------------------------------

GitHub user dkuppitz opened a pull request:

    https://github.com/apache/tinkerpop/pull/935

    TINKERPOP-2025 Change to SHA-256/512 and drop SHA-1 for releases

    https://issues.apache.org/jira/browse/TINKERPOP-2025
    
    Unfortunately, upgrading the Apache parent pom didn't solve the problem completely. With
the upgrade we get the sha512 checksum file for the source release, but not for the other
artifacts.
    
    This PR upgrades the parent pom, but also adds a step in the release process to replace
any remaining sha1 checksum file with its sha512 counterpart.
    
    The release validation script was adjusted to reflect those changes; the validation will
fail if there exists
    
    * a md5 file
    * a sha1 file
    * no asc file
    * no sha512 file
    
    ... for any of the release artifacts.
    
    VOTE +1

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/apache/tinkerpop TINKERPOP-2025

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/tinkerpop/pull/935.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #935
    
----
commit 1fb3431910c0b22a06c3c9b86020c9e4db36af96
Author: Daniel Kuppitz <daniel_kuppitz@...>
Date:   2018-09-24T15:47:27Z

    Remove release artifact SHA1 checksums and generate SHA512 checksums instead.

----


> Change to SHA-256/512 and drop SHA-1 for releases
> -------------------------------------------------
>
>                 Key: TINKERPOP-2025
>                 URL: https://issues.apache.org/jira/browse/TINKERPOP-2025
>             Project: TinkerPop
>          Issue Type: Improvement
>          Components: build-release
>    Affects Versions: 3.2.9
>            Reporter: stephen mallette
>            Assignee: Daniel Kuppitz
>            Priority: Critical
>
> Given changes to Apache build requirements it seems we need to adjust our release process
again:
> https://www.apache.org/dev/release-distribution#sigs-and-sums
> Note that it appears the apache parent pom has updates to consider in this regard:
> https://issues.apache.org/jira/browse/MPOM-205
> Official release information is here:
> https://s.apache.org/asf-pom-21



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message