You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@metamodel.apache.org by "Kasper Sørensen (JIRA)" <ji...@apache.org> on 2017/08/16 18:57:00 UTC
[jira] [Created] (METAMODEL-1155) Produce .sha256 and .sha512 files
during release
Kasper Sørensen created METAMODEL-1155:
------------------------------------------
Summary: Produce .sha256 and .sha512 files during release
Key: METAMODEL-1155
URL: https://issues.apache.org/jira/browse/METAMODEL-1155
Project: Apache MetaModel
Issue Type: Task
Reporter: Kasper Sørensen
The Release Distribution Policy[1] changed regarding .sha files.
See under "Cryptographic Signatures and Checksums Requirements" [2].
New policy :
-- use .sha1 for a SHA-1 checksum
-- use .sha256 for a SHA-256 checksum
-- use .sha512 for a SHA-512 checksum
-- [*] .sha should contain a SHA-1
Why this change ?
-- Verifying a checksum under the old policy is/was not handy.
You have to inspect the .sha to find out which algorithm
should be used ; or try them all (SHA-1, SHA256, etc).
The new scheme avoids this ambiguity.
-- The last point[*] was only added for clarity. Most of the
old, stale .sha's contain a SHA-1. The relatively new .sha's
contain a SHA-512. The expectation is that the last catagory will
disappear, when active projects adapt to the 'new' convention.
Specifically for MetaModel:
* We need to produce the 256 and 512 variants, since we today already produce a .sha1 file
[1] http://www.apache.org/dev/release-distribution
[2] http://www.apache.org/dev/release-distribution#sigs-and-sums
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)