You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cassandra.apache.org by "Michael Semb Wever (Jira)" <ji...@apache.org> on 2019/12/08 19:52:00 UTC
[jira] [Commented] (CASSANDRA-14970) New releases must supply
SHA-256 and/or SHA-512 checksums
[ https://issues.apache.org/jira/browse/CASSANDRA-14970?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16990977#comment-16990977 ]
Michael Semb Wever commented on CASSANDRA-14970:
------------------------------------------------
bq. remove the `only_deb` flag (is it really needed?)
Agreed to keep. ref: https://the-asf.slack.com/archives/CK23JSY2K/p1574199400163100
bq. generate the sha512 and gnupg asc signatures on the non-maven artefacts
This is already done by the {{`ant release`}} task. But I can't see anywhere that is actually calling/using it. I have moved the checksumming into the {{`artifacts`}} tasks (alongside the generation of the original artefacts), and renamed the {{`release}}` task to {{`rat`}}.
> New releases must supply SHA-256 and/or SHA-512 checksums
> ---------------------------------------------------------
>
> Key: CASSANDRA-14970
> URL: https://issues.apache.org/jira/browse/CASSANDRA-14970
> Project: Cassandra
> Issue Type: Bug
> Components: Packaging
> Reporter: Michael Shuler
> Assignee: Michael Shuler
> Priority: Urgent
> Fix For: 2.2.16, 3.0.20, 3.11.6, 4.0
>
> Attachments: 0001-Update-downloads-for-sha256-sha512-checksum-files.patch, 0001-Update-release-checksum-algorithms-to-SHA-256-SHA-512.patch, ant-publish-checksum-fail.jpg, build_cassandra-2.1.png, build_trunk.png
>
>
> Release policy was updated around 9/2018 to state:
> "For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT supply MD5 or SHA-1. Existing releases do not need to be changed."
> build.xml needs to be updated from MD5 & SHA-1 to, at least, SHA-256 or both. cassandra-builds/cassandra-release scripts need to be updated to work with the new checksum files.
> http://www.apache.org/dev/release-distribution#sigs-and-sums
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@cassandra.apache.org
For additional commands, e-mail: commits-help@cassandra.apache.org