You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Bertrand Delacretaz (JIRA)" <ji...@apache.org> on 2018/04/12 12:20:00 UTC
[jira] [Commented] (SLING-7534) Release policy - stop providing MD5
signatures
[ https://issues.apache.org/jira/browse/SLING-7534?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16435459#comment-16435459 ]
Bertrand Delacretaz commented on SLING-7534:
--------------------------------------------
I'm wondering if it's repository.apache.org that generates the checksums: grepping the output of {{mvn -X deploy}} on the {{sling-org-apache-sling-engine}} module as an example:
{code}
$ egrep -i 'md5|checksum|uploaded' deploy-output.txt
<createChecksum default-value="false">${createChecksum}</createChecksum>
[DEBUG] (f) createChecksum = false
Uploaded: https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/2.6.13-SNAPSHOT/org.apache.sling.engine-2.6.13-20180412.121129-18.jar (203 KB at 96.0 KB/sec)
Uploaded: https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/2.6.13-SNAPSHOT/org.apache.sling.engine-2.6.13-20180412.121129-18.pom (10 KB at 5.1 KB/sec)
Uploaded: https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/2.6.13-SNAPSHOT/maven-metadata.xml (1011 B at 0.7 KB/sec)
Uploaded: https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/maven-metadata.xml (2 KB at 0.7 KB/sec)
Uploaded: https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/2.6.13-SNAPSHOT/org.apache.sling.engine-2.6.13-20180412.121129-18-sources.jar (144 KB at 71.2 KB/sec)
Uploaded: https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/2.6.13-SNAPSHOT/maven-metadata.xml (1011 B at 0.7 KB/sec)
{code}
It doesn't seem like checksums are generated by the build nor uploaded, but after running the above there is an https://repository.apache.org/content/repositories/snapshots/org/apache/sling/org.apache.sling.engine/2.6.13-SNAPSHOT/org.apache.sling.engine-2.6.13-20180412.121129-18-sources.jar.md5 indeed.
Also, {{mvn help:effective-pom}} doesn't say anything about checksums or md5 - but maybe those are defaults of the install or release plugin, I'm not sure.
> Release policy - stop providing MD5 signatures
> ----------------------------------------------
>
> Key: SLING-7534
> URL: https://issues.apache.org/jira/browse/SLING-7534
> Project: Sling
> Issue Type: Task
> Components: Tooling
> Reporter: Robert Munteanu
> Priority: Major
>
> See http://www.apache.org/dev/release-distribution#sigs-and-sums , we SHOULD no longer provide MD5 checksums for new releases.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)