uima-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Marshall Schor (JIRA)" <...@uima.apache.org>
Subject [jira] [Updated] (UIMA-5856) Use modern checksum algorithms during release
Date Sat, 29 Sep 2018 21:44:00 GMT

     [ https://issues.apache.org/jira/browse/UIMA-5856?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Marshall Schor updated UIMA-5856:
---------------------------------
    Description: 
Apache policy requires that we drop generating MD5 / SHA1 checksums and switch:

– for new releases :
 – you MUST supply a SHA-256 and/or SHA-512 file
 – you SHOULD NOT supply MD5 or SHA-1 files
See http://www.apache.org/dev/release-distribution#sigs-and-sums

Best place to do this would be the parent-pom.

Its a bit of a blocker for producing any new releases unless sub-projects override all the
code-signing provisions in the UIMA parent pom.

  was:
Apache policy requires that we drop generating MD5 / SHA1 checksums and switch:

 -- for new releases :
    -- you MUST supply a SHA-256 and/or SHA-512 file
    -- you SHOULD NOT supply MD5 or SHA-1 files

Best place to do this would be the parent-pom.

Its a bit of a blocker for producing any new releases unless sub-projects override all the
code-signing provisions in the UIMA parent pom.


> Use modern checksum algorithms during release
> ---------------------------------------------
>
>                 Key: UIMA-5856
>                 URL: https://issues.apache.org/jira/browse/UIMA-5856
>             Project: UIMA
>          Issue Type: Improvement
>          Components: Build, Packaging and Test, Website
>            Reporter: Richard Eckart de Castilho
>            Assignee: Richard Eckart de Castilho
>            Priority: Major
>             Fix For: 12
>
>
> Apache policy requires that we drop generating MD5 / SHA1 checksums and switch:
> – for new releases :
>  – you MUST supply a SHA-256 and/or SHA-512 file
>  – you SHOULD NOT supply MD5 or SHA-1 files
> See http://www.apache.org/dev/release-distribution#sigs-and-sums
> Best place to do this would be the parent-pom.
> Its a bit of a blocker for producing any new releases unless sub-projects override all
the code-signing provisions in the UIMA parent pom.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message