You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@netbeans.apache.org by Bertrand Delacretaz <bd...@apache.org> on 2018/11/19 14:13:53 UTC

Releases need better digests than SHA-1

Hi,

As Henk noted in the Incubator PMC vote thread [1], since August 18
Apache releases MUST be accompanied by a SHA-256 and/or SHA-512
checksum file and SHOULD NOT be accompanied by MD5 or SHA-1 checksum
file [2].

Can the release process be changed to accomodate that? I think for the
current release candidate it's fine to add the stronger digests
manually as I mentioned in that vote thread, but for future releases
this should be automated.

-Bertrand

[1] https://lists.apache.org/thread.html/02272396dddfe2565be2a45a279fde213b64abe0318cd0d82821317a@%3Cgeneral.incubator.apache.org%3E
[2] https://www.apache.org/dev/release-distribution#sigs-and-sums

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@netbeans.incubator.apache.org
For additional commands, e-mail: dev-help@netbeans.incubator.apache.org

For further information about the NetBeans mailing lists, visit:
https://cwiki.apache.org/confluence/display/NETBEANS/Mailing+lists