You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Peter Ivanov (Jira)" <ji...@apache.org> on 2021/01/25 10:23:00 UTC
[jira] [Comment Edited] (IGNITE-13999) Switch to SHA-512 for jar
checksum calculation.
[ https://issues.apache.org/jira/browse/IGNITE-13999?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17271223#comment-17271223 ]
Peter Ivanov edited comment on IGNITE-13999 at 1/25/21, 10:22 AM:
------------------------------------------------------------------
Currently it seem to be impossible to create sha512 hashsums other than use custom code, which leads to uncertainty in goal — where we really should do it now.
Infra team is asked for possible solutions: https://issues.apache.org/jira/browse/INFRA-21336
For now, ticket is on pause until further information available.
was (Author: vveider):
Currently it seem to be impossible to create sha512 hashsums other than use custom code.
Infra team is asked for possible solutions: https://issues.apache.org/jira/browse/INFRA-21336
For now, ticket is on pause until further information available.
> Switch to SHA-512 for jar checksum calculation.
> -----------------------------------------------
>
> Key: IGNITE-13999
> URL: https://issues.apache.org/jira/browse/IGNITE-13999
> Project: Ignite
> Issue Type: Improvement
> Components: build
> Reporter: Andrey Mashenkov
> Assignee: Peter Ivanov
> Priority: Major
> Labels: ignite-3
>
> maven-deploy-plugin is responsible for signing jar. However, it seems SHA-1 is hardcoded there.
> In the latest apache parent pom (org.apache:apache:23) a checksum-maven-plugin is used as a workaround to sign jars with SHA-512. But it signs only source jar and do not affect binary jar.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)