[ https://issues.apache.org/jira/browse/UIMA-5856?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16630723#comment-16630723
]
Richard Eckart de Castilho commented on UIMA-5856:
--------------------------------------------------
I have added a script to generate SHA-512 files for any file that already has a SHA1 file
to the dist spot, ran it, and committed the SHA-512 files (worked on OS X, no guarantee on
other platforms).
I have also updated the website to link only to the SHA-512 files.
Finally, the parent POM now only generates the SHA-512 files.
I guess now we need a release of the UIMA Parent POM :)
> Use modern checksum algorithms during release
> ---------------------------------------------
>
> Key: UIMA-5856
> URL: https://issues.apache.org/jira/browse/UIMA-5856
> Project: UIMA
> Issue Type: Improvement
> Components: Build, Packaging and Test, Website
> Reporter: Richard Eckart de Castilho
> Assignee: Richard Eckart de Castilho
> Priority: Major
> Fix For: 12
>
>
> Apache policy requires that we drop generating MD5 / SHA1 checksums and switch:
> -- for new releases :
> -- you MUST supply a SHA-256 and/or SHA-512 file
> -- you SHOULD NOT supply MD5 or SHA-1 files
> Best place to do this would be the parent-pom.
> Its a bit of a blocker for producing any new releases unless sub-projects override all
the code-signing provisions in the UIMA parent pom.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
|