You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@jackrabbit.apache.org by "Julian Reschke (JIRA)" <ji...@apache.org> on 2017/10/10 11:17:00 UTC

[jira] [Commented] (JCR-4182) new release checksum requirements

    [ https://issues.apache.org/jira/browse/JCR-4182?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16198524#comment-16198524 ] 

Julian Reschke commented on JCR-4182:
-------------------------------------

trunk: [r1811667|http://svn.apache.org/r1811667]


> new release checksum requirements
> ---------------------------------
>
>                 Key: JCR-4182
>                 URL: https://issues.apache.org/jira/browse/JCR-4182
>             Project: Jackrabbit Content Repository
>          Issue Type: Improvement
>            Reporter: Davide Giannella
>            Assignee: Julian Reschke
>              Labels: candidate_jcr_2_10, candidate_jcr_2_12, candidate_jcr_2_14, candidate_jcr_2_6, candidate_jcr_2_8
>             Fix For: 2.16, 2.10.7, 2.6.10, 2.15.7, 2.14.4, 2.8.7, 2.12.9
>
>
> As of various SHA algorithm the Apache policies around signatures and checksums changed requiring to specify the sha algorithm as part of the file extension: sha1, sha256, sha512.
> http://www.apache.org/dev/release-distribution#sigs-and-sums
> currently Jackrabbit signs with sha-1 and we should at least change the file extension



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)