You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@beam.apache.org by me...@apache.org on 2018/03/19 17:00:16 UTC
[beam-site] 01/02: Update instructions on cryptographic hashes.
This is an automated email from the ASF dual-hosted git repository.
mergebot-role pushed a commit to branch mergebot
in repository https://gitbox.apache.org/repos/asf/beam-site.git
commit ebafac13fa1aeca07c57bec2f7cbc2476ca1a5b1
Author: Robert Bradshaw <ro...@gmail.com>
AuthorDate: Sat Mar 17 01:25:13 2018 -0700
Update instructions on cryptographic hashes.
Per http://www.apache.org/dev/release-distribution#sigs-and-sums,
md5 is now officially discouraged as being too broken.
Removing SHA-1 as it is broken as well (though not nearly as badly).
SHA-512 is recommended.
---
src/contribute/release-guide.md | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/src/contribute/release-guide.md b/src/contribute/release-guide.md
index 7feeba7..782b12b 100644
--- a/src/contribute/release-guide.md
+++ b/src/contribute/release-guide.md
@@ -300,11 +300,9 @@ Copy the source release to the dev repository of `dist.apache.org`.
1. Create hashes for source files and sign the python source file file
- sha1sum apache-beam-${VERSION}-source-release.zip > apache-beam-${VERSION}-source-release.zip.sha1
- md5sum apache-beam-${VERSION}-source-release.zip > apache-beam-${VERSION}-source-release.zip.md5
+ sha512sum apache-beam-${VERSION}-source-release.zip > apache-beam-${VERSION}-source-release.zip.sha512
gpg --armor --detach-sig apache-beam-${VERSION}-python.zip
- sha1sum apache-beam-${VERSION}-python.zip > apache-beam-${VERSION}-python.zip.sha1
- md5sum apache-beam-${VERSION}-python.zip > apache-beam-${VERSION}-python.zip.md5
+ sha512sum apache-beam-${VERSION}-python.zip > apache-beam-${VERSION}-python.zip.sha512
1. Add and commit all the files.
--
To stop receiving notification emails like this one, please contact
mergebot-role@apache.org.