Uploaded image for project: 'Calcite'
  1. Calcite
  2. CALCITE-1972

Create .sha512 and .md5 digests for release artifacts

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 1.14.0
    • Component/s: None
    • Labels:
      None

      Description

      Following CALCITE-1329 we currently generate a .mds file containing multiple digests, but breaches Apache policy for the file names that can be generated. We should instead generate a file with .sha512 suffix containing a SHA512 digest.

      No need to generate MD5 or SHA1; these are no longer secure.

      Steps:

      • in pom.xml, modify the checksum-maven-plugin configuration;
      • in HOWTO.md, remove the steps to generate the .mds file;
      • in site/downloads/index.md, modify the "assign digest" logic for releases 1.14 and later.

        Issue Links

          Activity

          Hide
          michaelmior Michael Mior added a comment -

          Resolved in release 1.14.0 (2017-10-01)

          Show
          michaelmior Michael Mior added a comment - Resolved in release 1.14.0 (2017-10-01)
          Hide
          michaelmior Michael Mior added a comment -

          Fixed in f10950b58.

          Show
          michaelmior Michael Mior added a comment - Fixed in f10950b58 .
          Hide
          julianhyde Julian Hyde added a comment -

          Good question (since we only have room for one in the web UI). Yes, it should point to the .sha512.

          Show
          julianhyde Julian Hyde added a comment - Good question (since we only have room for one in the web UI). Yes, it should point to the .sha512.
          Hide
          michaelmior Michael Mior added a comment -

          I assume we should have the linked digest for the downloads be the sha256 now?

          Show
          michaelmior Michael Mior added a comment - I assume we should have the linked digest for the downloads be the sha256 now?
          Hide
          julianhyde Julian Hyde added a comment -

          Per release distribution policy there also needs to be a .md5 file. Which makes 3: .md5, .asc, .sha512.

          Arguably we should not be creating .md5 anymore, but we have to comply with current policy.

          Show
          julianhyde Julian Hyde added a comment - Per release distribution policy there also needs to be a .md5 file. Which makes 3: .md5, .asc, .sha512. Arguably we should not be creating .md5 anymore, but we have to comply with current policy.

            People

            • Assignee:
              michaelmior Michael Mior
              Reporter:
              julianhyde Julian Hyde
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development