You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@brooklyn.apache.org by "Geoff Macartney (JIRA)" <ji...@apache.org> on 2018/08/15 18:12:00 UTC

[jira] [Created] (BROOKLYN-597) Remove MD5 and SHA-1 checksums

Geoff Macartney created BROOKLYN-597:
----------------------------------------

             Summary: Remove MD5 and SHA-1 checksums 
                 Key: BROOKLYN-597
                 URL: https://issues.apache.org/jira/browse/BROOKLYN-597
             Project: Brooklyn
          Issue Type: Improvement
    Affects Versions: 0.12.0
            Reporter: Geoff Macartney


Per the recently updated Apache Release Distribution Policy, [https://www.apache.org/dev/release-distribution], we should remove the generation and checking of MD5 and SHA-1 checksums from brooklyn-dist/release before we do another release, presumably 1.0.

The relevant wording is 
{quote}For every artifact distributed to the public through Apache channels, the PMC
 * MUST supply a [valid|https://www.apache.org/dev/release-signing#verifying-signature] [OpenPGP-compatible ASCII-armored detached signature|https://www.apache.org/dev/release-signing#openpgp-ascii-detach-sig] file
 * MUST supply at least one checksum file
 * SHOULD supply a [SHA-256 and/or SHA-512|https://www.apache.org/dev/release-signing#sha-checksum] checksum file
 * SHOULD NOT supply a MD5 or SHA-1 checksum file (because these are deprecated)

For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT supply MD5 or SHA-1. Existing releases do not need to be changed.
{quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)