You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Nick Jacobsen (Jira)" <ji...@apache.org> on 2020/01/30 15:28:00 UTC

[jira] [Created] (SPARK-30683) Validating sha512 files for releases does not comply with Apache Project documentation

Nick Jacobsen created SPARK-30683:
-------------------------------------

             Summary: Validating sha512 files for releases does not comply with Apache Project documentation
                 Key: SPARK-30683
                 URL: https://issues.apache.org/jira/browse/SPARK-30683
             Project: Spark
          Issue Type: Improvement
          Components: Project Infra
    Affects Versions: 2.4.4, 2.4.0, 2.3.0
            Reporter: Nick Jacobsen


Spark release artifacts currently use gpg generated sha512 files.  These are not in the same format as ones generated via sha512sum, and can not be validated easily using sha512sum.  As the [Apache Project instructions|[https://www.apache.org/info/verification.html]] for how to validate a release explicitly instructs the use of sha512sum compatible tools, there is no documentation for successfully validating a downloaded release using the sha512 file.

 

This subject has been brought up before and an issue to change to using sha512sum compatible formats was closed as WontFix with little discussion; even if switching isn't warranted, at the least instructions for validating using the sha512 files should be documented.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org