[OOZIE-3189] Update the release script and wiki page to use sha512 instead of md5 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 5.0.0
Component/s: scripts
Labels:
None

Description

Apache has updated it's policy on the release signatures, as per it's website here and a recent email. Basically, all future releases should be providing a sha512 checksum instead of an md5 one.

There are two tasks:

Update the release script to use sha512 instead of md5
https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71
https://www.apache.org/dev/release-signing#sha-checksum
Update the wiki (requires committer/pmc permissions?)
https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release

While we're updating the wiki, we should add details on:

Making sure the gpg key used for signing releases is 4096 bit RSA
Publishing your gpg public key to a key server (https://www.apache.org/dev/release-signing#keyserver)

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

OOZIE-3189.002.patch
14/Mar/18 20:56
3 kB
Robert Kanter
OOZIE-3189.001.patch
07/Mar/18 22:16
3 kB
Robert Kanter

Activity

People

Assignee:: Robert Kanter

Reporter:: Robert Kanter

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 05/Mar/18 18:19

Updated:: 09/Apr/18 15:15

Resolved:: 20/Mar/18 09:34