Uploaded image for project: 'Cassandra'
  1. Cassandra
  2. CASSANDRA-14970

New releases must supply SHA-256 and/or SHA-512 checksums

    Details

    • Severity:
      Critical

      Description

      Release policy was updated around 9/2018 to state:

      "For new releases, PMCs MUST supply SHA-256 and/or SHA-512; and SHOULD NOT supply MD5 or SHA-1. Existing releases do not need to be changed."

      build.xml needs to be updated from MD5 & SHA-1 to, at least, SHA-256 or both. cassandra-builds/cassandra-release scripts need to be updated to work with the new checksum files.

      http://www.apache.org/dev/release-distribution#sigs-and-sums

        Attachments

        1. build_trunk.png
          777 kB
          Michael Shuler
        2. build_cassandra-2.1.png
          601 kB
          Michael Shuler
        3. ant-publish-checksum-fail.jpg
          399 kB
          Michael Shuler
        4. 0001-Update-downloads-for-sha256-sha512-checksum-files.patch
          1 kB
          Michael Shuler
        5. 0001-Update-release-checksum-algorithms-to-SHA-256-SHA-512.patch
          1 kB
          Michael Shuler

          Issue Links

            Activity

              People

              • Assignee:
                mshuler Michael Shuler
                Reporter:
                mshuler Michael Shuler
                Authors:
                Michael Shuler
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: