Uploaded image for project: 'Oozie'
  1. Oozie
  2. OOZIE-3189

Update the release script and wiki page to use sha512 instead of md5

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 5.0.0
    • Component/s: scripts
    • Labels:
      None

      Description

      Apache has updated it's policy on the release signatures, as per it's website here and a recent email. Basically, all future releases should be providing a sha512 checksum instead of an md5 one.

      There are two tasks:

      1. Update the release script to use sha512 instead of md5
        https://github.com/apache/oozie/blob/master/bin/create-release-artifact#L71
        https://www.apache.org/dev/release-signing#sha-checksum
      2. Update the wiki (requires committer/pmc permissions?)
        https://cwiki.apache.org/confluence/display/OOZIE/How+To+Release

      While we're updating the wiki, we should add details on:

      1. Making sure the gpg key used for signing releases is 4096 bit RSA
      2. Publishing your gpg public key to a key server (https://www.apache.org/dev/release-signing#keyserver)

        Attachments

        1. OOZIE-3189.001.patch
          3 kB
          Robert Kanter
        2. OOZIE-3189.002.patch
          3 kB
          Robert Kanter

          Activity

            People

            • Assignee:
              rkanter Robert Kanter
              Reporter:
              rkanter Robert Kanter
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: