uima-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Richard Eckart de Castilho (JIRA)" <...@uima.apache.org>
Subject [jira] [Commented] (UIMA-5856) Use modern checksum algorithms during release
Date Thu, 27 Sep 2018 16:54:00 GMT

    [ https://issues.apache.org/jira/browse/UIMA-5856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630723#comment-16630723
] 

Richard Eckart de Castilho commented on UIMA-5856:
--------------------------------------------------

I have added a script to generate SHA-512 files for any file that already has a SHA1 file
to the dist spot, ran it, and committed the SHA-512 files (worked on OS X, no guarantee on
other platforms).

I have also updated the website to link only to the SHA-512 files.

Finally, the parent POM now only generates the SHA-512 files.

I guess now we need a release of the UIMA Parent POM :)

> Use modern checksum algorithms during release
> ---------------------------------------------
>
>                 Key: UIMA-5856
>                 URL: https://issues.apache.org/jira/browse/UIMA-5856
>             Project: UIMA
>          Issue Type: Improvement
>          Components: Build, Packaging and Test, Website
>            Reporter: Richard Eckart de Castilho
>            Assignee: Richard Eckart de Castilho
>            Priority: Major
>             Fix For: 12
>
>
> Apache policy requires that we drop generating MD5 / SHA1 checksums and switch:
>  -- for new releases :
>     -- you MUST supply a SHA-256 and/or SHA-512 file
>     -- you SHOULD NOT supply MD5 or SHA-1 files
> Best place to do this would be the parent-pom.
> Its a bit of a blocker for producing any new releases unless sub-projects override all
the code-signing provisions in the UIMA parent pom.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message