You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tinkerpop.apache.org by "Daniel Kuppitz (JIRA)" <ji...@apache.org> on 2018/03/06 15:12:00 UTC
[jira] [Created] (TINKERPOP-1912) Remove MD5 checksums
Daniel Kuppitz created TINKERPOP-1912:
-----------------------------------------
Summary: Remove MD5 checksums
Key: TINKERPOP-1912
URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
Project: TinkerPop
Issue Type: Improvement
Components: build-release
Reporter: Daniel Kuppitz
Assignee: Daniel Kuppitz
Apache is asking to remove MD5 checksums from releases.
*Old policy:*
* MUST provide a MD5-file
* SHOULD provide a SHA-file [SHA-512 recommended]
*New policy:*
* MUST provide a SHA- or MD5-file
* SHOULD provide a SHA-file
* SHOULD NOT provide a MD5-file
Providing MD5 checksum files is now discouraged for new releases, but still allowed for past releases.
*Why this change:*
* MD5 is broken for many purposes ; we should move away from it.
[https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]
*Impact for PMCs:*
* _*for new releases:*_
** please do provide a SHA-file (one or more, if you like)
** do NOT provide a MD5-file
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)