[CASSANDRA-14970] New releases must supply SHA-256 and/or SHA-512 checksums - ASF JIRA

Details

Type: Bug
Status: Open
Priority: Urgent
Resolution: Unresolved
Fix Version/s: 2.2.15, 3.0.19, 3.11.5, 4.0
Component/s: Packaging
Labels:
None

Severity:
Critical

Description

Release policy was updated around 9/2018 to state:

"For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT supply MD5 or SHA-1. Existing releases do not need to be changed."

build.xml needs to be updated from MD5 & SHA-1 to, at least, SHA-256 or both. cassandra-builds/cassandra-release scripts need to be updated to work with the new checksum files.

http://www.apache.org/dev/release-distribution#sigs-and-sums

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

build_trunk.png
09/Jan/19 03:21
777 kB
Michael Shuler
build_cassandra-2.1.png
09/Jan/19 03:21
601 kB
Michael Shuler
ant-publish-checksum-fail.jpg
09/Jan/19 00:56
399 kB
Michael Shuler
0001-Update-downloads-for-sha256-sha512-checksum-files.patch
08/Jan/19 23:51
1 kB
Michael Shuler
0001-Update-release-checksum-algorithms-to-SHA-256-SHA-512.patch
08/Jan/19 23:23
1 kB
Michael Shuler

Issue Links

requires

INFRA-14923 Add new SHA-* rules to Nexus staging

Waiting for Infra

Activity

People

Assignee:

Michael Shuler

Reporter:

Michael Shuler

Authors:

Michael Shuler

Votes:

0 Vote for this issue

Watchers:

3 Start watching this issue

Dates

Created:

08/Jan/19 22:51

Updated:

16/Apr/19 09:29