You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2018/09/07 14:04:38 UTC
[Bug 62695] New: Provide sha512 for Tomcat releases published to
Maven
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
Bug ID: 62695
Summary: Provide sha512 for Tomcat releases published to Maven
Product: Tomcat 9
Version: 9.0.x
Hardware: PC
Status: NEW
Severity: normal
Priority: P2
Component: Packaging
Assignee: dev@tomcat.apache.org
Reporter: knst.kolinko@gmail.com
Target Milestone: -----
Reviewing release candidates for Tomcat 8.5.34, 9.0.12, their artifacts at
Maven staging repository have only md5 and sha1 checksums.
This can bee seen here:
[1]
https://repository.apache.org/content/repositories/orgapachetomcat-1193/org/apache/tomcat/tomcat/9.0.12/
[2]
https://repository.apache.org/content/repositories/orgapachetomcat-1194/org/apache/tomcat/tomcat/8.5.34/
The new distribution requirements at ASF has been discussed elsewhere and I
know that for Apache Parent POM the feature to implement more secure checksums
is tracked as
[3] https://issues.apache.org/jira/browse/MPOM-205
The project fro Apache Parent POM is
[4] https://maven.apache.org/pom/asf/
At [4] scroll down for "History" and see the "diff" link for changes between
versions 21 and 20. A step was added to manually generate *.sha512 files at
build time.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published
to Maven
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #2 from Mark Thomas <ma...@apache.org> ---
This is the INFRA ticket where the Nexus changes are being tracked:
https://issues.apache.org/jira/browse/INFRA-14923
I'm marking this issue as NEEDINFO to indicate that progress is paused waiting
on an update to that ticket. I've also added myself as a watcher to that ticket
so i can follow any progress.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published
to Maven
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
--- Comment #5 from Michael Osipov <mi...@apache.org> ---
Please note:
https://github.com/apache/tomcat/commit/997ea27b77fe08db2bc19bdb8b15ddbde9662675#r44558572
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published
to Maven
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
--- Comment #1 from Michael Osipov <19...@gmx.net> ---
Uploads to RSO are excepted because there is a rule in Nexus staging which
checks for files. We need a modification in Nexus and Maven Central to allow
SHA256 and SHA512 files. We have already discussed this with Henk Penning.
The dist area must contain SHA256/512.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published
to Maven
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
Konstantin Kolinko <kn...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Provide sha512 for Tomcat |Provide sha512 checksums
|releases published to Maven |for Tomcat releases
| |published to Maven
OS| |All
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published
to Maven
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
--- Comment #3 from Mark Thomas <ma...@apache.org> ---
The ASF Nexus instance has now been upgraded to allow this.
The Tomcat builds have been switched from the unsupported Maven Ant Tasks to
the supported Maven Resolver Ant Tasks.
Work is in hand to update the Maven Resolver Ant Tasks to create SHA-256 and
SHA-512 hashes.
We aren't there yet but progress is being made.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 62695] Provide sha512 checksums for Tomcat releases published
to Maven
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=62695
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEEDINFO |RESOLVED
Resolution|--- |FIXED
--- Comment #4 from Mark Thomas <ma...@apache.org> ---
Maven Resolver Ant Tasks 1.3.0 includes the necessary functionality.
Fixed in:
- 10.0.x for 10.0.0-M11 onwards
- 9.0.x for 9.0.41 onwards
- 8.5.x for 8.5.61 onwards
- 7.0.x for 7.0.108 onwards
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org