You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tinkerpop.apache.org by "Daniel Kuppitz (JIRA)" <ji...@apache.org> on 2018/03/06 15:12:00 UTC

[jira] [Created] (TINKERPOP-1912) Remove MD5 checksums

Daniel Kuppitz created TINKERPOP-1912:
-----------------------------------------

             Summary: Remove MD5 checksums
                 Key: TINKERPOP-1912
                 URL: https://issues.apache.org/jira/browse/TINKERPOP-1912
             Project: TinkerPop
          Issue Type: Improvement
          Components: build-release
            Reporter: Daniel Kuppitz
            Assignee: Daniel Kuppitz


Apache is asking to remove MD5 checksums from releases.

*Old policy:*
 * MUST provide a MD5-file
 * SHOULD provide a SHA-file [SHA-512 recommended]

*New policy:*
 * MUST provide a SHA- or MD5-file
 * SHOULD provide a SHA-file
 * SHOULD NOT provide a MD5-file

Providing MD5 checksum files is now discouraged for new releases, but still allowed for past releases.

*Why this change:*
 * MD5 is broken for many purposes ; we should move away from it.
[https://en.wikipedia.org/wiki/MD5#Overview_of_security_issues]

*Impact for PMCs:*
 * _*for new releases:*_
 ** please do provide a SHA-file (one or more, if you like)
 ** do NOT provide a MD5-file



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)