You are viewing a plain text version of this content. The canonical link for it is here.
Posted to oak-issues@jackrabbit.apache.org by "Davide Giannella (JIRA)" <ji...@apache.org> on 2017/10/09 09:03:00 UTC
[jira] [Updated] (OAK-6650) new release checksum requirements
[ https://issues.apache.org/jira/browse/OAK-6650?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Davide Giannella updated OAK-6650:
----------------------------------
Attachment: OAK-6650-checkrelease.diff
in [^OAK-6650-checkrelease.diff] a patch for the check-release script we use to check the SHAs.
[~reschke] could you please check the feature branch and this patch? If ok, I will
- commit feature branch to trunk
- backport to each oak branch
- update the {{check-release.sh}}
- resolve this issue.
This is the least possible change we can do to comply with apache requirements.
We can investigate discuss using SHA256 or greater in separate issues and follow-up with bugs in case something won't work.
> new release checksum requirements
> ---------------------------------
>
> Key: OAK-6650
> URL: https://issues.apache.org/jira/browse/OAK-6650
> Project: Jackrabbit Oak
> Issue Type: Improvement
> Reporter: Davide Giannella
> Assignee: Davide Giannella
> Labels: candidate_oak_1_0, candidate_oak_1_2, candidate_oak_1_4, candidate_oak_1_6
> Fix For: 1.8
>
> Attachments: OAK-6650-checkrelease.diff
>
>
> As of various SHA algorithm the Apache policies around signatures and checksums changed requiring to specify the sha algorithm as part of the file extension: sha1, sha256, sha512.
> http://www.apache.org/dev/release-distribution#sigs-and-sums
> currently Oak signs with sha-1 and we should at least change the file extension
> h3. impacted areas
> - release process (pom.xml)
> - check release
> - html download page
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)